turn off ssl cookie protection by default since nobody that has problems with it is apparently able to debug it. PLEASE turn it on by

util/config system ssl_cookie_protection 1
if you use SSL. Please debug it if you have a problem and have any basic technical skills at all and tell us why it doesn't work so we can fix it and turn this on by default because it is very very very important.

1 files changed, 11 insertions, 9 deletions

diff --git a/index.php b/index.php
index 6019cecd3..36ff74169 100755
--- a/index.php
+++ b/index.php
@@ -55,6 +55,17 @@ if(! $a->install) {
 	call_hooks('init_1');
 	
 	load_translation_table($a->language);
+	// Force the cookie to be secure (https only) if this site is SSL enabled. Must be done before session_start().
+
+	if((! $a->install) && intval($a->config['system']['ssl_cookie_protection'])) {
+		$arr = session_get_cookie_params();
+		session_set_cookie_params(
+			((isset($arr['lifetime']))  ? $arr['lifetime'] : 60*5),
+			((isset($arr['path']))      ? $arr['path']     : '/'),
+			((isset($arr['domain']))    ? $arr['domain']   : $a->get_hostname()),
+			((isset($_SERVER['HTTPS'])) ? true             : false),
+			((isset($arr['httponly']))  ? $arr['httponly'] : true));
+	}
 }
 else {
 	// load translations but do not check plugins as we have no database
@@ -73,15 +84,6 @@ else {
  *
  */
 
-// Force the cookie to be secure (https only) if this site is SSL enabled. Must be done before session_start().
-
-$arr = session_get_cookie_params();
-session_set_cookie_params(
-	((isset($arr['lifetime']))  ? $arr['lifetime'] : 60*5),
-	((isset($arr['path']))      ? $arr['path']     : '/'),
-	((isset($arr['domain']))    ? $arr['domain']   : $a->get_hostname()),
-	((isset($_SERVER['HTTPS'])) ? true             : false),
-	((isset($arr['httponly']))  ? $arr['httponly'] : true));
 session_start();
 
 /**