From 3e84a7943be101168f43787baed08c8a589dda61 Mon Sep 17 00:00:00 2001
From: robin <robin@208e9e7b-5314-0410-a742-e7e81cd9613c>
Date: Thu, 18 Sep 2008 11:54:14 +0000
Subject: Bind cookie gotten over HTTPS to HTTPS only (#1485336).

git-svn-id: https://svn.roundcube.net/trunk@1823 208e9e7b-5314-0410-a742-e7e81cd9613c
---
 roundcubemail/program/include/session.inc | 3 ++-
 1 file changed, 2 insertions(+), 1 deletion(-)

(limited to 'roundcubemail/program/include/session.inc')

diff --git a/roundcubemail/program/include/session.inc b/roundcubemail/program/include/session.inc
index 603f384bb..ad66f0c40 100644
--- a/roundcubemail/program/include/session.inc
+++ b/roundcubemail/program/include/session.inc
@@ -184,7 +184,8 @@ function rcube_sess_regenerate_id()
   $lifetime = $cookie['lifetime'] ? time() + $cookie['lifetime'] : 0;
 
   setcookie(session_name(), '', time() - 3600);
-  setcookie(session_name(), $random, $lifetime, $cookie['path'], $cookie['domain']);
+  setcookie(session_name(), $random, $lifetime, $cookie['path'], $cookie['domain'],
+            $_SERVER['HTTPS'] && ($_SERVER['HTTPS']!='off'));
 
   return true;
 }
-- 
cgit v1.2.3