Merge pull request #67 from RobertElder/2.5.x

PHP ini settings for cookies.
2014-10-07 10:04:13 -04:00 · 2014-10-07 10:04:13 -04:00 · e803676d1b
parent b861375959 f0397bbc59
commit e803676d1b
1 changed files with 10 additions and 0 deletions
--- a/airtime_mvc/public/index.php
+++ b/airtime_mvc/public/index.php
@ -1,5 +1,15 @@
 <?php

+//  Only enable cookie secure if we are supporting https.
+//  Ideally, this would always be on and we would force https,
+//  but the default installation configs are likely to be installed by
+//  amature users on the setup that does not have https.  Forcing
+//  cookie_secure on non https would result in confusing login problems.
+if(!empty($_SERVER['HTTPS'])){
+        ini_set('session.cookie_secure', '1');
+}
+ini_set('session.cookie_httponly', '1');
+
 error_reporting(E_ALL|E_STRICT);

 function exception_error_handler($errno, $errstr, $errfile, $errline)