From fb1037b253d64dd492002d20e790b48bbf8484ec Mon Sep 17 00:00:00 2001
From: Manuel Flandorfer <mflandor@greenpeace.org>
Date: Thu, 7 Dec 2023 20:58:32 +0000
Subject: [PATCH] Use secure session cookies for HTTPS requests

---
 CRM/Utils/System/Standalone.php | 1 +
 1 file changed, 1 insertion(+)

diff --git a/CRM/Utils/System/Standalone.php b/CRM/Utils/System/Standalone.php
index d313f60a98..2228b44451 100644
--- a/CRM/Utils/System/Standalone.php
+++ b/CRM/Utils/System/Standalone.php
@@ -590,6 +590,7 @@ class CRM_Utils_System_Standalone extends CRM_Utils_System_Base {
 
     session_start([
       'cookie_httponly'  => 1,
+      'cookie_secure'    => !empty($_SERVER['HTTPS']),
       'gc_maxlifetime'   => $session_max_lifetime,
       'name'             => 'SESSCIVISO',
       'use_cookies'      => 1,
-- 
2.25.1