From: Florent Bruneau <florent.bruneau@polytechnique.org>
Date: Sun, 21 Dec 2008 22:16:30 +0000 (+0100)
Subject: Add support for 'secure' cookies (https only, not accessible via
X-Git-Tag: core/1.0.1~52
X-Git-Url: http://git.polytechnique.org/?a=commitdiff_plain;h=ad27ee667e5eaa2ac71042d447a80db8325eda86;p=platal.git

Add support for 'secure' cookies (https only, not accessible via
javascript).

Keep in mind this is just a hint given to the browser.

Signed-off-by: Florent Bruneau <florent.bruneau@polytechnique.org>
---

diff --git a/classes/env.php b/classes/env.php
index 5b6a2b9..e41a669 100644
--- a/classes/env.php
+++ b/classes/env.php
@@ -217,11 +217,14 @@ class Cookie
         unset($_COOKIE[$key]);
     }
 
-    public static function set($key, $value, $days) {
+    public static function set($key, $value, $days, $secure = false) {
         global $globals;
         $key = $globals->cookie_ns . $key;
-        setcookie($key, $value, time() + 86400 * $days, $globals->cookie_path);
-        $_COOKIE[$key] = $value;
+        if (!$secure || @$_SERVER['HTTPS']) {
+            setcookie($key, $value, time() + 86400 * $days, $globals->cookie_path, '',
+                      $secure, $secure);
+            $_COOKIE[$key] = $value;
+        }
     }
 
     public static function v($key, $default = null)