From ddb71e4cd16c7e0e3188202161003e2fd542f604 Mon Sep 17 00:00:00 2001
From: Warren Baker
Date: Wed, 9 May 2012 19:08:17 +0200
Subject: Handle HTTPOnly and Secure flags on cookies
---
 etc/inc/auth.inc | 12 ++++++++++++
 1 file changed, 12 insertions(+)
(limited to 'etc')
diff --git a/etc/inc/auth.inc b/etc/inc/auth.inc
index a002758..26f0497 100644
--- a/etc/inc/auth.inc
+++ b/etc/inc/auth.inc
@@ -1260,6 +1260,18 @@ function authenticate_user($username, $password, $authcfg = NULL) {
 function session_auth() {
 global $HTTP_SERVER_VARS, $config, $_SESSION, $page;
+ // Handle HTTPS httponly and secure flags
+ if($config['system']['webgui']['protocol'] == "https") {
+ $currentCookieParams = session_get_cookie_params();
+ session_set_cookie_params(
+ $currentCookieParams["lifetime"],
+ $currentCookieParams["path"],
+ NULL,
+ true,
+ true
+ );
+ }
+
 if (!session_id()) session_start();
-- 
cgit v1.1
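Review bot: HttpOnly is only applied inside the `$config['system']['webgui']['protocol'] == "https"` branch, so when the webGUI is served over plain HTTP the session cookie stays readable from page script; HttpOnly does not depend on TLS and could be set unconditionally. Consider dropping the `if` and deriving only the Secure flag from the config, e.g. `$secure = ($config['system']['webgui']['protocol'] == "https");` and then passing `$secure, true` as the last two arguments of `session_set_cookie_params()`. The call also only has an effect on a session that has not been started yet, so it would read more clearly inside the `if (!session_id())` branch that follows, immediately before `session_start()`. session_auth() continues past the end of this hunk, so whether a later path in the function re-issues the cookie with different parameters is not visible here.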