From d0b973cf6aed4a7cb705f706624d25b31d19ed52 Mon Sep 17 00:00:00 2001
From: svncommit <devs@roundcube.net>
Date: Thu, 18 Sep 2008 11:54:14 +0000
Subject: Bind cookie gotten over HTTPS to HTTPS only (#1485336).

---
 program/include/session.inc | 3 ++-
 1 file changed, 2 insertions(+), 1 deletion(-)

(limited to 'program')

diff --git a/program/include/session.inc b/program/include/session.inc
index 603f384bb..ad66f0c40 100644
--- a/program/include/session.inc
+++ b/program/include/session.inc
@@ -184,7 +184,8 @@ function rcube_sess_regenerate_id()
   $lifetime = $cookie['lifetime'] ? time() + $cookie['lifetime'] : 0;
 
   setcookie(session_name(), '', time() - 3600);
-  setcookie(session_name(), $random, $lifetime, $cookie['path'], $cookie['domain']);
+  setcookie(session_name(), $random, $lifetime, $cookie['path'], $cookie['domain'],
+            $_SERVER['HTTPS'] && ($_SERVER['HTTPS']!='off'));
 
   return true;
 }
-- 
cgit v1.2.3