From 72d25b1159a8b5aced407d793ed6056a88608c9d Mon Sep 17 00:00:00 2001
From: svncommit <devs@roundcube.net>
Date: Thu, 18 Sep 2008 12:05:15 +0000
Subject: Secure the other cookie, too.

---
 program/include/rcmail.php | 3 ++-
 1 file changed, 2 insertions(+), 1 deletion(-)

diff --git a/program/include/rcmail.php b/program/include/rcmail.php
index 1e4e24b2d..589adf58a 100644
--- a/program/include/rcmail.php
+++ b/program/include/rcmail.php
@@ -728,7 +728,8 @@ class rcmail
       if (!$valid || ($_SERVER['REQUEST_METHOD']!='POST' && $now - $_SESSION['auth_time'] > 300)) {
         $_SESSION['last_auth'] = $_SESSION['auth_time'];
         $_SESSION['auth_time'] = $now;
-        setcookie('sessauth', $this->get_auth_hash(session_id(), $now));
+        setcookie('sessauth', $this->get_auth_hash(session_id(), $now), '/',
+                  $_SERVER['HTTPS'] && ($_SERVER['HTTPS']!='off'));
       }
     }
     else {
-- 
cgit v1.2.3