Add support for 'secure' cookies (https only, not accessible via
authorFlorent Bruneau <florent.bruneau@polytechnique.org>
Sun, 21 Dec 2008 22:16:30 +0000 (23:16 +0100)
committerFlorent Bruneau <florent.bruneau@polytechnique.org>
Sun, 21 Dec 2008 22:16:30 +0000 (23:16 +0100)
javascript).

Keep in mind this is just a hint given to the browser.

Signed-off-by: Florent Bruneau <florent.bruneau@polytechnique.org>
classes/env.php

index 5b6a2b9..e41a669 100644 (file)
@@ -217,11 +217,14 @@ class Cookie
         unset($_COOKIE[$key]);
     }
 
-    public static function set($key, $value, $days) {
+    public static function set($key, $value, $days, $secure = false) {
         global $globals;
         $key = $globals->cookie_ns . $key;
-        setcookie($key, $value, time() + 86400 * $days, $globals->cookie_path);
-        $_COOKIE[$key] = $value;
+        if (!$secure || @$_SERVER['HTTPS']) {
+            setcookie($key, $value, time() + 86400 * $days, $globals->cookie_path, '',
+                      $secure, $secure);
+            $_COOKIE[$key] = $value;
+        }
     }
 
     public static function v($key, $default = null)
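Review bot: In `Cookie::set` the single `$secure` flag is passed as both the `secure` and the `httponly` argument of `setcookie()`, so any cookie set with the default `$secure = false` stays readable from JavaScript, and HttpOnly cannot be requested for a cookie that must also work over plain HTTP. The two attributes are independent, so a separate trailing parameter would keep existing callers working: `public static function set($key, $value, $days, $secure = false, $httponly = false)`, with `$secure, $httponly` passed to `setcookie()`. The guard `@$_SERVER['HTTPS']` is also truthy for the string `'off'`, which IIS/ISAPI reports for plain HTTP; `!empty($_SERVER['HTTPS']) && $_SERVER['HTTPS'] !== 'off'` handles that case and drops the `@`. When the guard fails, the cookie is silently not set and `$_COOKIE` is not updated, so returning a boolean from `set` would let callers notice; this also applies behind a TLS-terminating proxy, where `HTTPS` may never be set.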