From: skodak <skodak>
Date: Sat, 7 Feb 2009 22:41:59 +0000 (+0000)
Subject: MDL-18137 all cookies now secure if configured to be
X-Git-Url: http://git.mjollnir.org/gw?a=commitdiff_plain;h=a91557ae6fb3bedd5758ef869bc2fe0f701d1703;p=moodle.git

MDL-18137 all cookies now secure if configured to be
---

diff --git a/lib/sessionlib.php b/lib/sessionlib.php
index 9ab764474a..d7bb00b1d0 100644
--- a/lib/sessionlib.php
+++ b/lib/sessionlib.php
@@ -738,9 +738,8 @@ function set_moodle_cookie($thing) {
     $days = 60;
     $seconds = DAYSECS*$days;
 
-    // no need to set secure or http cookie only here - it is not secret
-    setcookie($cookiename, '', time() - HOURSECS, $CFG->sessioncookiepath, $CFG->sessioncookiedomain);
-    setcookie($cookiename, rc4encrypt($thing), time()+$seconds, $CFG->sessioncookiepath, $CFG->sessioncookiedomain);
+    setcookie($cookiename, '', time() - HOURSECS, $CFG->sessioncookiepath, $CFG->sessioncookiedomain, $CFG->cookiesecure, $CFG->cookiehttponly);
+    setcookie($cookiename, rc4encrypt($thing), time()+$seconds, $CFG->sessioncookiepath, $CFG->sessioncookiedomain, $CFG->cookiesecure, $CFG->cookiehttponly);
 }
 
 /**