Respect 'session.cookie_secure' if it is On
This commit is contained in:
parent
7b60b03e6a
commit
3c3d861f41
|
@ -44,7 +44,7 @@ if (!strpos($_SERVER["REQUEST_URI"], '?') && $_SERVER["QUERY_STRING"] != "") { /
|
|||
if ($_SERVER["HTTP_X_FORWARDED_PREFIX"]) {
|
||||
$_SERVER["REQUEST_URI"] = $_SERVER["HTTP_X_FORWARDED_PREFIX"] . $_SERVER["REQUEST_URI"];
|
||||
}
|
||||
$HTTPS = $_SERVER["HTTPS"] && strcasecmp($_SERVER["HTTPS"], "off");
|
||||
$HTTPS = ($_SERVER["HTTPS"] && strcasecmp($_SERVER["HTTPS"], "off")) || ini_bool("session.cookie_secure"); // session.cookie_secure could be set on HTTP if we are behind a reverse proxy
|
||||
|
||||
@ini_set("session.use_trans_sid", false); // protect links in export, @ - may be disabled
|
||||
if (!defined("SID")) {
|
||||
|
|
|
@ -5,6 +5,7 @@ Stop session before connecting
|
|||
Simplify running slow queries
|
||||
Decrease timeout for running slow queries from 5 seconds to 2 seconds
|
||||
Fix displaying info about non-alphabetical objects (bug #599)
|
||||
Use secure cookies on HTTP if session.cookie_secure is set
|
||||
PDO: Support binary fields download
|
||||
MySQL: Use CONVERT() only when searching for non-ASCII (bug #603)
|
||||
PostgreSQL: Add SQL operator to search
|
||||
|
|
Loading…
Reference in a new issue