Commit 203e12e0 authored by Francois Marier's avatar Francois Marier
Browse files

Use secure cookies when the site is served over HTTPS

This prevents cookies from being stolen by tricking browsers into
sending them unencrypted.

Bug #843573

Change-Id: I5dfe45e3721fc85ad2d289cea59c5ad1f4eae91b
Signed-off-by: default avatarFrancois Marier <>
parent 204ca1c4
......@@ -40,6 +40,9 @@ ini_set('session.cookie_path', get_mahara_install_subdirectory());
ini_set('session.cookie_httponly', 1);
ini_set('session.hash_bits_per_character', 4);
ini_set('session.hash_function', 0);
if (is_https()) {
ini_set('session.cookie_secure', true);
* The session class handles session data and messages.
Supports Markdown
0% or .
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment