authorfriendica <info@friendica.com>2014-05-08 16:28:40 -0700
committerfriendica <info@friendica.com>2014-05-08 16:28:40 -0700
commitd4e00c7bde1ea3e2b6e590767f7e380561cb4dae (patch)
treea9dd2cd9e41cf1f00ff8d8084a9f379b0dc63b67
parentcd8095211ff753707149922fb026af456d26d1ff (diff)
downloadvolse-hubzilla-d4e00c7bde1ea3e2b6e590767f7e380561cb4dae.tar.gz
volse-hubzilla-d4e00c7bde1ea3e2b6e590767f7e380561cb4dae.tar.bz2
volse-hubzilla-d4e00c7bde1ea3e2b6e590767f7e380561cb4dae.zip
turn off ssl cookie protection by default since nobody that has problems with it is apparently able to debug it. PLEASE turn it on by
util/config system ssl_cookie_protection 1 if you use SSL. Please debug it if you have a problem and have any basic technical skills at all and tell us why it doesn't work so we can fix it and turn this on by default because it is very very very important.
-rwxr-xr-xindex.php20
-rw-r--r--version.inc2
2 files changed, 12 insertions, 10 deletions
diff --git a/index.php b/index.php
index 6019cecd3..36ff74169 100755
--- a/index.php
+++ b/index.php
@@ -55,6 +55,17 @@ if(! $a->install) {
call_hooks('init_1');
load_translation_table($a->language);
+ // Force the cookie to be secure (https only) if this site is SSL enabled. Must be done before session_start().
+
+ if((! $a->install) && intval($a->config['system']['ssl_cookie_protection'])) {
+ $arr = session_get_cookie_params();
+ session_set_cookie_params(
+ ((isset($arr['lifetime'])) ? $arr['lifetime'] : 60*5),
+ ((isset($arr['path'])) ? $arr['path'] : '/'),
+ ((isset($arr['domain'])) ? $arr['domain'] : $a->get_hostname()),
+ ((isset($_SERVER['HTTPS'])) ? true : false),
+ ((isset($arr['httponly'])) ? $arr['httponly'] : true));
+ }
}
else {
// load translations but do not check plugins as we have no database
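Review bot: The Secure flag in `((isset($_SERVER['HTTPS'])) ? true : false),` is decided by `isset()` alone, which misreads two common deployments: a server that sets `HTTPS` to `off` on plain-HTTP requests gets a Secure cookie the browser never sends back, and a site behind a TLS-terminating proxy, where `HTTPS` is typically unset, gets no Secure flag at all. This may be the breakage the commit message describes; testing the value instead, e.g. `(! empty($_SERVER['HTTPS']) && strtolower($_SERVER['HTTPS']) !== 'off')`, with a fallback to the scheme of the site's configured base URL, would help make the protection safe to enable by default again. `$a->config['system']['ssl_cookie_protection']` is also read without an `isset()` check, so an installation that never set the key may raise an undefined-index notice here. The `(! $a->install)` test repeats the enclosing `if(! $a->install) {`, which opens above this hunk.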
@@ -73,15 +84,6 @@ else {
*
*/
-// Force the cookie to be secure (https only) if this site is SSL enabled. Must be done before session_start().
-
-$arr = session_get_cookie_params();
-session_set_cookie_params(
- ((isset($arr['lifetime'])) ? $arr['lifetime'] : 60*5),
- ((isset($arr['path'])) ? $arr['path'] : '/'),
- ((isset($arr['domain'])) ? $arr['domain'] : $a->get_hostname()),
- ((isset($_SERVER['HTTPS'])) ? true : false),
- ((isset($arr['httponly'])) ? $arr['httponly'] : true));
session_start();
/**
diff --git a/version.inc b/version.inc
index 101a79e18..ecc31a81a 100644
--- a/version.inc
+++ b/version.inc
@@ -1 +1 @@
-2014-05-07.668
+2014-05-08.669