diff options
author | friendica <info@friendica.com> | 2014-05-08 16:28:40 -0700 |
---|---|---|
committer | friendica <info@friendica.com> | 2014-05-08 16:28:40 -0700 |
commit | d4e00c7bde1ea3e2b6e590767f7e380561cb4dae (patch) | |
tree | a9dd2cd9e41cf1f00ff8d8084a9f379b0dc63b67 | |
parent | cd8095211ff753707149922fb026af456d26d1ff (diff) | |
download | volse-hubzilla-d4e00c7bde1ea3e2b6e590767f7e380561cb4dae.tar.gz volse-hubzilla-d4e00c7bde1ea3e2b6e590767f7e380561cb4dae.tar.bz2 volse-hubzilla-d4e00c7bde1ea3e2b6e590767f7e380561cb4dae.zip |
turn off ssl cookie protection by default since nobody that has problems with it is apparently able to debug it. PLEASE turn it on by
util/config system ssl_cookie_protection 1
if you use SSL. Please debug it if you have a problem and have any basic technical skills at all and tell us why it doesn't work so we can fix it and turn this on by default because it is very very very important.
-rwxr-xr-x | index.php | 20 | ||||
-rw-r--r-- | version.inc | 2 |
2 files changed, 12 insertions, 10 deletions
@@ -55,6 +55,17 @@ if(! $a->install) { call_hooks('init_1'); load_translation_table($a->language); + // Force the cookie to be secure (https only) if this site is SSL enabled. Must be done before session_start(). + + if((! $a->install) && intval($a->config['system']['ssl_cookie_protection'])) { + $arr = session_get_cookie_params(); + session_set_cookie_params( + ((isset($arr['lifetime'])) ? $arr['lifetime'] : 60*5), + ((isset($arr['path'])) ? $arr['path'] : '/'), + ((isset($arr['domain'])) ? $arr['domain'] : $a->get_hostname()), + ((isset($_SERVER['HTTPS'])) ? true : false), + ((isset($arr['httponly'])) ? $arr['httponly'] : true)); + } } else { // load translations but do not check plugins as we have no database @@ -73,15 +84,6 @@ else { * */ -// Force the cookie to be secure (https only) if this site is SSL enabled. Must be done before session_start(). - -$arr = session_get_cookie_params(); -session_set_cookie_params( - ((isset($arr['lifetime'])) ? $arr['lifetime'] : 60*5), - ((isset($arr['path'])) ? $arr['path'] : '/'), - ((isset($arr['domain'])) ? $arr['domain'] : $a->get_hostname()), - ((isset($_SERVER['HTTPS'])) ? true : false), - ((isset($arr['httponly'])) ? $arr['httponly'] : true)); session_start(); /** diff --git a/version.inc b/version.inc index 101a79e18..ecc31a81a 100644 --- a/version.inc +++ b/version.inc @@ -1 +1 @@ -2014-05-07.668 +2014-05-08.669 |