From: Manuel Flandorfer <mflandor@greenpeace.org>
Date: Thu, 7 Dec 2023 20:58:32 +0000 (+0000)
Subject: Use secure session cookies for HTTPS requests
X-Git-Url: https://vcs.fsf.org/?a=commitdiff_plain;h=fb1037b253d64dd492002d20e790b48bbf8484ec;p=civicrm-core.git

Use secure session cookies for HTTPS requests
---

diff --git a/CRM/Utils/System/Standalone.php b/CRM/Utils/System/Standalone.php
index d313f60a98..2228b44451 100644
--- a/CRM/Utils/System/Standalone.php
+++ b/CRM/Utils/System/Standalone.php
@@ -590,6 +590,7 @@ class CRM_Utils_System_Standalone extends CRM_Utils_System_Base {
 
     session_start([
       'cookie_httponly'  => 1,
+      'cookie_secure'    => !empty($_SERVER['HTTPS']),
       'gc_maxlifetime'   => $session_max_lifetime,
       'name'             => 'SESSCIVISO',
       'use_cookies'      => 1,