Use secure HTTPS cookies
authorgarvinhicking <garvinhicking>
Wed, 30 Aug 2006 09:13:50 +0000 (09:13 +0000)
committergarvinhicking <garvinhicking>
Wed, 30 Aug 2006 09:13:50 +0000 (09:13 +0000)
docs/NEWS
include/functions_config.inc.php
serendipity_config.inc.php

index 744a6f6ab13e1d058c5134a7330a7a6211000512..943183795fbb0f7a09f670daa5e3f59a3409e060 100644 (file)
--- a/docs/NEWS
+++ b/docs/NEWS
@@ -3,6 +3,9 @@
 Version 1.1-beta4 ()
 ------------------------------------------------------------------------
 
+    * Use seperate PHP session ID when using HTTPS login. Set 'secure'
+      cookie parameters when using HTTPS. Thanks to lynoure!
+
     * Added possibility for templates to define the sidebars they use.
       The template specifies this via the $template_config array in
       the config.inc.php file of a template. It looks like this:
index 71be6a77ec94e2a217f1b1a829ed1846fa77b706..510076551e80fdc07355650ae16bfb1ef55eaaa0 100644 (file)
@@ -559,7 +559,8 @@ function serendipity_JSsetCookie($name, $value) {
 function serendipity_setCookie($name,$value) {
     global $serendipity;
 
-    setcookie("serendipity[$name]", $value, time()+60*60*24*30, $serendipity['serendipityHTTPPath']);
+    $secure = !empty($_SERVER['HTTPS']) ? true : false;
+    setcookie("serendipity[$name]", $value, time()+60*60*24*30, $serendipity['serendipityHTTPPath'], $_SERVER['HTTP_HOST'], $secure);
     $_COOKIE[$name] = $value;
     $serendipity['COOKIE'][$name] = $value;
 }
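Review bot: The new domain argument to `setcookie()` in `serendipity_setCookie()` comes straight from `$_SERVER['HTTP_HOST']`, a client-supplied header that can carry a `:port` suffix or an unexpected host name. With a port the domain is not a valid cookie domain and the browser may discard the cookie, and any explicit domain turns a host-only cookie into one that is also sent to subdomains. If no cross-host sharing is intended, keep it host-only: `setcookie("serendipity[$name]", $value, time()+60*60*24*30, $serendipity['serendipityHTTPPath'], '', $secure);`. Separately, `!empty($_SERVER['HTTPS'])` is also true for the string `'off'` that IIS/ISAPI sets on plain HTTP, so the Secure flag would be set on a non-TLS request and the cookie never sent back; `$secure = !empty($_SERVER['HTTPS']) && strtolower($_SERVER['HTTPS']) !== 'off';` avoids that. The same test guards the `session.name` / `session.cookie_secure` settings in the serendipity_config.inc.php hunk and needs the same change there.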
@@ -1860,7 +1861,7 @@ function &serendipity_loadThemeOptions(&$template_config) {
 function serendipity_hasPluginPermissions($plugin) {
     static $forbidden = null;
     global $serendipity;
-    
+
     if (empty($serendipity['authorid'])) {
         return true;
     }
index c3361f80138204e64fabff31fcc7013ae0cf416f..1de8dea54ebb116b4ac3efce0c51bd55a3be0746 100644 (file)
@@ -9,6 +9,10 @@ if (defined('S9Y_FRAMEWORK')) {
 @define('S9Y_FRAMEWORK', true);
 
 if (!headers_sent()) {
+    if (!empty($_SERVER['HTTPS'])) {
+        @ini_set('session.name', 'SSLSID');
+        @ini_set('session.cookie_secure', '1');
+    }
     session_start();
 }