sessions: use is_server_https() for secure cookie setting

author Andrew Dolgov <noreply@fakecake.org>

Mon, 17 Jul 2017 04:33:43 +0000 (07:33 +0300)

committer Andrew Dolgov <noreply@fakecake.org>

Mon, 17 Jul 2017 04:33:43 +0000 (07:33 +0300)
author Andrew Dolgov <noreply@fakecake.org>
Mon, 17 Jul 2017 04:33:43 +0000 (07:33 +0300)
committer Andrew Dolgov <noreply@fakecake.org>
Mon, 17 Jul 2017 04:33:43 +0000 (07:33 +0300)
diff --git a/include/sessions.php b/include/sessions.php

index 3d6e6e2c627a8c1339435d259d7a54af6bd800a5..7ea9052bc71307c19b2a5da62bcc716fc7341c76 100644 (file)
--- a/include/sessions.php
+++ b/include/sessions.php
@@ -12,7 +12,7 @@
         $session_expire = min(2147483647 - time() - 1, max(SESSION_COOKIE_LIFETIME, 86400));
         $session_name = (!defined('TTRSS_SESSION_NAME')) ? "ttrss_sid" : TTRSS_SESSION_NAME;
  
-       if ((!empty($_SERVER['HTTPS']) && ($_SERVER['HTTPS'] != 'off')) || @$_SERVER['HTTP_X_FORWARDED_PROTO'] == 'https') {
+       if (is_server_https()) {
                 $session_name .= "_ssl";
                 ini_set("session.cookie_secure", true);
         }
author	Andrew Dolgov <noreply@fakecake.org>
	Mon, 17 Jul 2017 04:33:43 +0000 (07:33 +0300)
committer	Andrew Dolgov <noreply@fakecake.org>
	Mon, 17 Jul 2017 04:33:43 +0000 (07:33 +0300)