Merge "Cookie lacking "secure" flag for HTTPS sites (Bug #1384009)"

5c9a6ccb · Robert Lyon · Gerrit Code Review · aca61905 · dfbb1197 · 5c9a6ccb
Commit 5c9a6ccb authored Nov 12, 2014 by Robert Lyon Committed by Gerrit Code Review Nov 12, 2014
--- a/htdocs/lib/web.php
+++ b/htdocs/lib/web.php
@@ -1644,7 +1644,7 @@ function set_cookie($name, $value='', $expires=0, $access=false) {
    // If Cookie Consent is enabled with cc_necessary cookie set to 'yes'
    // or Cookie Consent is not enabled
    if (empty($_COOKIE['cc_necessary']) || (isset($_COOKIE['cc_necessary']) && $_COOKIE['cc_necessary'] == 'yes')) {
-        setcookie($name, $value, $expires, $url['path'], $domain, false, true);
+        setcookie($name, $value, $expires, $url['path'], $domain, is_https(), true);
    }

    if ($access) {  // View access cookies may be needed on this request