MDL-18137 all cookies now secure if configured to be

diff --git a/lib/sessionlib.php b/lib/sessionlib.php
index 9ab764474a034a0d97b31428ddf6bae32daeb230..d7bb00b1d0b1b93714758e1c554223aeb88cd578 100644 (file)
--- a/lib/sessionlib.php
+++ b/lib/sessionlib.php
@@ -738,9 +738,8 @@ function set_moodle_cookie($thing) {
     $days = 60;
     $seconds = DAYSECS*$days;
 
-    // no need to set secure or http cookie only here - it is not secret
-    setcookie($cookiename, '', time() - HOURSECS, $CFG->sessioncookiepath, $CFG->sessioncookiedomain);
-    setcookie($cookiename, rc4encrypt($thing), time()+$seconds, $CFG->sessioncookiepath, $CFG->sessioncookiedomain);
+    setcookie($cookiename, '', time() - HOURSECS, $CFG->sessioncookiepath, $CFG->sessioncookiedomain, $CFG->cookiesecure, $CFG->cookiehttponly);
+    setcookie($cookiename, rc4encrypt($thing), time()+$seconds, $CFG->sessioncookiepath, $CFG->sessioncookiedomain, $CFG->cookiesecure, $CFG->cookiehttponly);
 }
 
 /**