diff options
| author | svncommit <devs@roundcube.net> | 2008-09-18 12:05:15 +0000 |
|---|---|---|
| committer | svncommit <devs@roundcube.net> | 2008-09-18 12:05:15 +0000 |
| commit | 72d25b1159a8b5aced407d793ed6056a88608c9d (patch) | |
| tree | e6dd5d3886e9781ca54121eceae15972c4c4f6b9 /program | |
| parent | d0b973cf6aed4a7cb705f706624d25b31d19ed52 (diff) | |
Secure the other cookie, too.
Diffstat (limited to 'program')
| -rw-r--r-- | program/include/rcmail.php | 3 |
1 files changed, 2 insertions, 1 deletions
diff --git a/program/include/rcmail.php b/program/include/rcmail.php index 1e4e24b2d..589adf58a 100644 --- a/program/include/rcmail.php +++ b/program/include/rcmail.php @@ -728,7 +728,8 @@ class rcmail if (!$valid || ($_SERVER['REQUEST_METHOD']!='POST' && $now - $_SESSION['auth_time'] > 300)) { $_SESSION['last_auth'] = $_SESSION['auth_time']; $_SESSION['auth_time'] = $now; - setcookie('sessauth', $this->get_auth_hash(session_id(), $now)); + setcookie('sessauth', $this->get_auth_hash(session_id(), $now), '/', + $_SERVER['HTTPS'] && ($_SERVER['HTTPS']!='off')); } } else { |