diff options
Diffstat (limited to 'index.php')
| -rwxr-xr-x | index.php | 20 |
1 files changed, 11 insertions, 9 deletions
@@ -55,6 +55,17 @@ if(! $a->install) { call_hooks('init_1'); load_translation_table($a->language); + // Force the cookie to be secure (https only) if this site is SSL enabled. Must be done before session_start(). + + if((! $a->install) && intval($a->config['system']['ssl_cookie_protection'])) { + $arr = session_get_cookie_params(); + session_set_cookie_params( + ((isset($arr['lifetime'])) ? $arr['lifetime'] : 60*5), + ((isset($arr['path'])) ? $arr['path'] : '/'), + ((isset($arr['domain'])) ? $arr['domain'] : $a->get_hostname()), + ((isset($_SERVER['HTTPS'])) ? true : false), + ((isset($arr['httponly'])) ? $arr['httponly'] : true)); + } } else { // load translations but do not check plugins as we have no database @@ -73,15 +84,6 @@ else { * */ -// Force the cookie to be secure (https only) if this site is SSL enabled. Must be done before session_start(). - -$arr = session_get_cookie_params(); -session_set_cookie_params( - ((isset($arr['lifetime'])) ? $arr['lifetime'] : 60*5), - ((isset($arr['path'])) ? $arr['path'] : '/'), - ((isset($arr['domain'])) ? $arr['domain'] : $a->get_hostname()), - ((isset($_SERVER['HTTPS'])) ? true : false), - ((isset($arr['httponly'])) ? $arr['httponly'] : true)); session_start(); /** |