aboutsummaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
-rwxr-xr-xindex.php20
-rw-r--r--version.inc2
2 files changed, 12 insertions, 10 deletions
diff --git a/index.php b/index.php
index 6019cecd3..36ff74169 100755
--- a/index.php
+++ b/index.php
@@ -55,6 +55,17 @@ if(! $a->install) {
call_hooks('init_1');
load_translation_table($a->language);
+ // Force the cookie to be secure (https only) if this site is SSL enabled. Must be done before session_start().
+
+ if((! $a->install) && intval($a->config['system']['ssl_cookie_protection'])) {
+ $arr = session_get_cookie_params();
+ session_set_cookie_params(
+ ((isset($arr['lifetime'])) ? $arr['lifetime'] : 60*5),
+ ((isset($arr['path'])) ? $arr['path'] : '/'),
+ ((isset($arr['domain'])) ? $arr['domain'] : $a->get_hostname()),
+ ((isset($_SERVER['HTTPS'])) ? true : false),
+ ((isset($arr['httponly'])) ? $arr['httponly'] : true));
+ }
}
else {
// load translations but do not check plugins as we have no database
@@ -73,15 +84,6 @@ else {
*
*/
-// Force the cookie to be secure (https only) if this site is SSL enabled. Must be done before session_start().
-
-$arr = session_get_cookie_params();
-session_set_cookie_params(
- ((isset($arr['lifetime'])) ? $arr['lifetime'] : 60*5),
- ((isset($arr['path'])) ? $arr['path'] : '/'),
- ((isset($arr['domain'])) ? $arr['domain'] : $a->get_hostname()),
- ((isset($_SERVER['HTTPS'])) ? true : false),
- ((isset($arr['httponly'])) ? $arr['httponly'] : true));
session_start();
/**
diff --git a/version.inc b/version.inc
index 101a79e18..ecc31a81a 100644
--- a/version.inc
+++ b/version.inc
@@ -1 +1 @@
-2014-05-07.668
+2014-05-08.669