Use secure session cookies for HTTPS requests

author Manuel Flandorfer <mflandor@greenpeace.org>

Thu, 7 Dec 2023 20:58:32 +0000 (20:58 +0000)

committer Manuel Flandorfer <mflandor@greenpeace.org>

Thu, 7 Dec 2023 20:58:32 +0000 (20:58 +0000)
author Manuel Flandorfer <mflandor@greenpeace.org>
Thu, 7 Dec 2023 20:58:32 +0000 (20:58 +0000)
committer Manuel Flandorfer <mflandor@greenpeace.org>
Thu, 7 Dec 2023 20:58:32 +0000 (20:58 +0000)
diff --git a/CRM/Utils/System/Standalone.php b/CRM/Utils/System/Standalone.php

index d313f60a98a81ade7fff62dcd453dcc60e193f69..2228b444514c9e0887f24a0235ee61a6464a49fb 100644 (file)
--- a/CRM/Utils/System/Standalone.php
+++ b/CRM/Utils/System/Standalone.php
@@ -590,6 +590,7 @@ class CRM_Utils_System_Standalone extends CRM_Utils_System_Base {
  
      session_start([
        'cookie_httponly'  => 1,
+      'cookie_secure'    => !empty($_SERVER['HTTPS']),
        'gc_maxlifetime'   => $session_max_lifetime,
        'name'             => 'SESSCIVISO',
        'use_cookies'      => 1,
author	Manuel Flandorfer <mflandor@greenpeace.org>
	Thu, 7 Dec 2023 20:58:32 +0000 (20:58 +0000)
committer	Manuel Flandorfer <mflandor@greenpeace.org>
	Thu, 7 Dec 2023 20:58:32 +0000 (20:58 +0000)