From: Andrew Dolgov <noreply@fakecake.org>
Date: Mon, 17 Jul 2017 04:33:43 +0000 (+0300)
Subject: sessions: use is_server_https() for secure cookie setting
X-Git-Tag: 17.12~141
X-Git-Url: https://git.wh0rd.org/?a=commitdiff_plain;h=1b5b1e5fec02c9158ea655dcc933380f4f464c99;p=tt-rss.git

sessions: use is_server_https() for secure cookie setting
---

diff --git a/include/sessions.php b/include/sessions.php
index 3d6e6e2c..7ea9052b 100644
--- a/include/sessions.php
+++ b/include/sessions.php
@@ -12,7 +12,7 @@
 	$session_expire = min(2147483647 - time() - 1, max(SESSION_COOKIE_LIFETIME, 86400));
 	$session_name = (!defined('TTRSS_SESSION_NAME')) ? "ttrss_sid" : TTRSS_SESSION_NAME;
 
-	if ((!empty($_SERVER['HTTPS']) && ($_SERVER['HTTPS'] != 'off')) || @$_SERVER['HTTP_X_FORWARDED_PROTO'] == 'https') {
+	if (is_server_https()) {
 		$session_name .= "_ssl";
 		ini_set("session.cookie_secure", true);
 	}