From a91557ae6fb3bedd5758ef869bc2fe0f701d1703 Mon Sep 17 00:00:00 2001
From: skodak <skodak>
Date: Sat, 7 Feb 2009 22:41:59 +0000
Subject: [PATCH] MDL-18137 all cookies now secure if configured to be

---
 lib/sessionlib.php | 5 ++---
 1 file changed, 2 insertions(+), 3 deletions(-)

diff --git a/lib/sessionlib.php b/lib/sessionlib.php
index 9ab764474a..d7bb00b1d0 100644
--- a/lib/sessionlib.php
+++ b/lib/sessionlib.php
@@ -738,9 +738,8 @@ function set_moodle_cookie($thing) {
     $days = 60;
     $seconds = DAYSECS*$days;
 
-    // no need to set secure or http cookie only here - it is not secret
-    setcookie($cookiename, '', time() - HOURSECS, $CFG->sessioncookiepath, $CFG->sessioncookiedomain);
-    setcookie($cookiename, rc4encrypt($thing), time()+$seconds, $CFG->sessioncookiepath, $CFG->sessioncookiedomain);
+    setcookie($cookiename, '', time() - HOURSECS, $CFG->sessioncookiepath, $CFG->sessioncookiedomain, $CFG->cookiesecure, $CFG->cookiehttponly);
+    setcookie($cookiename, rc4encrypt($thing), time()+$seconds, $CFG->sessioncookiepath, $CFG->sessioncookiedomain, $CFG->cookiesecure, $CFG->cookiehttponly);
 }
 
 /**
-- 
2.39.5