From: garvinhicking
Date: Wed, 30 Aug 2006 09:13:50 +0000 (+0000)
Subject: Use secure HTTPS cookies
X-Git-Tag: 1.1~91
X-Git-Url: http://git.mjollnir.org/gw?a=commitdiff_plain;h=62c4412931add097c0b69ec9869e77b38b7ddccf;p=s9y.git
Use secure HTTPS cookies
---
diff --git a/docs/NEWS b/docs/NEWS
index 744a6f6..9431837 100644
--- a/docs/NEWS
+++ b/docs/NEWS
@@ -3,6 +3,9 @@ Version 1.1-beta4 ()
 ------------------------------------------------------------------------
+ * Use seperate PHP session ID when using HTTPS login. Set 'secure'
+ cookie parameters when using HTTPS. Thanks to lynoure!
+ * Added possibility for templates to define the sidebars they use. The template specifies this via the $template_config array in the config.inc.php file of a template. It looks like this:
diff --git a/include/functions_config.inc.php b/include/functions_config.inc.php
index 71be6a7..5100765 100644
--- a/include/functions_config.inc.php
+++ b/include/functions_config.inc.php
@@ -559,7 +559,8 @@ function serendipity_JSsetCookie($name, $value) {
 function serendipity_setCookie($name,$value) {
 global $serendipity;
- setcookie("serendipity[$name]", $value, time()+60*60*24*30, $serendipity['serendipityHTTPPath']);
+ $secure = !empty($_SERVER['HTTPS']) ? true : false;
+ setcookie("serendipity[$name]", $value, time()+60*60*24*30, $serendipity['serendipityHTTPPath'], $_SERVER['HTTP_HOST'], $secure);
 $_COOKIE[$name] = $value;
 $serendipity['COOKIE'][$name] = $value;
 }
@@ -1860,7 +1861,7 @@ function &serendipity_loadThemeOptions(&$template_config) {
 function serendipity_hasPluginPermissions($plugin) {
 static $forbidden = null;
 global $serendipity;
-
+ if (empty($serendipity['authorid'])) {
 return true;
 }
diff --git a/serendipity_config.inc.php b/serendipity_config.inc.php
index c3361f8..1de8dea 100644
--- a/serendipity_config.inc.php
+++ b/serendipity_config.inc.php
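Review bot: In serendipity_setCookie() the new `setcookie()` call takes its domain argument from `$_SERVER['HTTP_HOST']`, which is the client-supplied Host header: a value carrying a port (`blog.example:8443`, a constructed example) is not a valid cookie domain and browsers are likely to discard the cookie, and an explicit Domain attribute also exposes the cookie to subdomains where the previous host-only cookie was not. Passing an empty domain keeps the cookie host-only while still reaching the secure argument: `setcookie("serendipity[$name]", $value, time()+60*60*24*30, $serendipity['serendipityHTTPPath'], '', $secure);`. Separately, `!empty($_SERVER['HTTPS'])` is also true for the string `off`, which IIS sets on plain-HTTP requests, so the secure flag would be set on a connection that can never send the cookie back; `$secure = !empty($_SERVER['HTTPS']) && strtolower($_SERVER['HTTPS']) !== 'off';` avoids that. The same `!empty($_SERVER['HTTPS'])` test guards the session settings in the serendipity_config.inc.php hunk and needs the same adjustment.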
@@ -9,6 +9,10 @@ if (defined('S9Y_FRAMEWORK')) {
 @define('S9Y_FRAMEWORK', true);
 if (!headers_sent()) {
+ if (!empty($_SERVER['HTTPS'])) {
+ @ini_set('session.name', 'SSLSID');
+ @ini_set('session.cookie_secure', '1');
+ }
 session_start();
 }
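Review bot: Both added `@ini_set` calls suppress warnings and ignore the return value, so if the settings cannot be applied at this point (for instance because a session is already active through `session.auto_start`, which is not visible here), the request would carry on with the default session name and a session cookie without the secure flag, and nothing would be reported. Dropping the `@` and checking the result makes that failure visible, e.g. `if (ini_set('session.cookie_secure', '1') === false) { trigger_error('could not mark session cookie secure', E_USER_WARNING); }`. A short comment above the block, such as `// HTTPS requests use their own session name so the secure-only cookie never shares an ID with the plain-HTTP session`, would record why the name changes. The surrounding top-level code of serendipity_config.inc.php continues outside the hunk.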