aboutsummaryrefslogtreecommitdiffstats
path: root/index.php
diff options
context:
space:
mode:
Diffstat (limited to 'index.php')
-rwxr-xr-xindex.php20
1 files changed, 11 insertions, 9 deletions
diff --git a/index.php b/index.php
index 6019cecd3..a07c1a633 100755
--- a/index.php
+++ b/index.php
@@ -55,6 +55,17 @@ if(! $a->install) {
call_hooks('init_1');
load_translation_table($a->language);
+ // Force the cookie to be secure (https only) if this site is SSL enabled. Must be done before session_start().
+
+ if(intval($a->config['system']['ssl_cookie_protection'])) {
+ $arr = session_get_cookie_params();
+ session_set_cookie_params(
+ ((isset($arr['lifetime'])) ? $arr['lifetime'] : 60*5),
+ ((isset($arr['path'])) ? $arr['path'] : '/'),
+ ((isset($arr['domain'])) ? $arr['domain'] : $a->get_hostname()),
+ ((isset($_SERVER['HTTPS']) && strtolower($_SERVER['HTTPS']) == 'on') ? true : false),
+ ((isset($arr['httponly'])) ? $arr['httponly'] : true));
+ }
}
else {
// load translations but do not check plugins as we have no database
@@ -73,15 +84,6 @@ else {
*
*/
-// Force the cookie to be secure (https only) if this site is SSL enabled. Must be done before session_start().
-
-$arr = session_get_cookie_params();
-session_set_cookie_params(
- ((isset($arr['lifetime'])) ? $arr['lifetime'] : 60*5),
- ((isset($arr['path'])) ? $arr['path'] : '/'),
- ((isset($arr['domain'])) ? $arr['domain'] : $a->get_hostname()),
- ((isset($_SERVER['HTTPS'])) ? true : false),
- ((isset($arr['httponly'])) ? $arr['httponly'] : true));
session_start();
/**