drupal, commit 06379c54
Authored Aug 18, 2008 by Dries Buytaert

- Patch #170310 by mfb, JohnAlbin: avoid SSL cookie getting over-written by non-SSL cookie.

Parent: ba6aa9f5
includes/bootstrap.inc
...
...
@@ -373,6 +373,15 @@ function conf_init() {
$cookie_domain
=
check_plain
(
$_SERVER
[
'HTTP_HOST'
]);
}
}
// To prevent session cookies from being hijacked, a user can configure the
// SSL version of their website to only transfer session cookies via SSL by
// using PHP's session.cookie_secure setting. The browser will then use two
// separate session cookies for the HTTPS and HTTP versions of the site. So we
// must use different session identifiers for HTTPS and HTTP to prevent a
// cookie collision.
if
(
ini_get
(
'session.cookie_secure'
))
{
$session_name
.
=
'SSL'
;
}
// Strip leading periods, www., and port numbers from cookie domain.
$cookie_domain
=
ltrim
(
$cookie_domain
,
'.'
);
if
(
strpos
(
$cookie_domain
,
'www.'
)
===
0
)
{
...
...
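Review bot: the added if (ini_get('session.cookie_secure')) test relies on PHP string truthiness, and ini_get() can return the literal configured string, so a value such as "off" or "false" set through ini_set() or a web-server directive is non-empty and would still append 'SSL' to $session_name. Normalize the value before branching, for example by accepting only "1", "on", "true" and "yes" case-insensitively, so the session name changes only when secure cookies are really enabled. The comment would also be clearer if it said that session.cookie_secure is expected to be enabled only for the HTTPS configuration of the site, since the suffix is keyed to that setting and not to whether the current request arrived over SSL.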