ENHANCEMENT Allow setting secure session cookies when using SSL. Recent change r114567 made this impossible. (thanks simon_w!) (from r114900)

git-svn-id: svn://svn.silverstripe.com/silverstripe/open/modules/sapphire/branches/2.4@114901 467b73ca-7a2a-4603-9d3b-597d59a354a9
2024-10-22 12:05:37 +00:00 · 2010-12-13 22:33:04 +00:00 · 2010-12-13 22:33:04 +00:00 · f41b5179f6
commit f41b5179f6
parent c639916afb
1 changed files with 21 additions and 2 deletions
--- a/core/Session.php
+++ b/core/Session.php
@ -91,6 +91,8 @@ class Session {

 	protected static $cookie_path;

+	protected static $cookie_secure = false;
+
 	/**
 	 * Session data
 	 */
@ -140,6 +142,22 @@ class Session {
 		}
 	}

+	/**
+	 * Secure cookie, tells the browser to only send it over SSL.
+	 * @param boolean $secure
+	 */
+	public static function set_cookie_secure($secure) {
+		self::$cookie_secure = (bool) $secure;
+	}
+
+	/**
+	 * Get if the cookie is secure
+	 * @return boolean
+	 */
+	public static function get_cookie_secure() {
+		return (bool) self::$cookie_secure;
+	}
+
 	/**
 	 * Create a new session object, with the given starting data
 	 *
@ -411,12 +429,13 @@ class Session {
 		self::load_config();
 		$path = self::get_cookie_path();
 		$domain = self::get_cookie_domain();
+		$secure = self::get_cookie_secure();

 		if(!session_id() && !headers_sent()) {
 			if($domain) {
-				session_set_cookie_params(self::$timeout, $path, $domain, false /* secure */, true /* httponly */);
+				session_set_cookie_params(self::$timeout, $path, $domain, $secure /* secure */, true /* httponly */);
 			} else {
-				session_set_cookie_params(self::$timeout, $path, null, false /* secure */, true /* httponly */);
+				session_set_cookie_params(self::$timeout, $path, null, $secure /* secure */, true /* httponly */);
 			}

 			// @ is to supress win32 warnings/notices when session wasn't cleaned up properly