From: Brion Vibber <brion@users.mediawiki.org>
Date: Wed, 24 Jan 2007 17:19:25 +0000 (+0000)
Subject: * (bug 8751) Set session cookies to HTTPS-only to match other cookies
X-Git-Tag: 1.31.0-rc.0~54192
X-Git-Url: http://git.cyclocoop.org/%22%2C%20generer_url_ecrire%28?a=commitdiff_plain;h=2f43eec318f9d13e8792d086de078d8fad72077c;p=lhc%2Fweb%2Fwiklou.git

* (bug 8751) Set session cookies to HTTPS-only to match other cookies
patch from http://bugzilla.wikimedia.org/attachment.cgi?id=3132
---

diff --git a/RELEASE-NOTES b/RELEASE-NOTES
index 77f08060d4..80c123152f 100644
--- a/RELEASE-NOTES
+++ b/RELEASE-NOTES
@@ -145,6 +145,7 @@ lighter making things easier to read.
   red when the user has no edits. Linker::userToolLinksRedContribs() is an
   alias to that which should be used to make it more self documentating.
 * (bug 8749) Bring MySQL 5 table defs back into sync
+* (bug 8751) Set session cookies to HTTPS-only to match other cookies
 
 
 == Languages updated ==
diff --git a/includes/GlobalFunctions.php b/includes/GlobalFunctions.php
index 4b73d5af2c..9c19758b29 100644
--- a/includes/GlobalFunctions.php
+++ b/includes/GlobalFunctions.php
@@ -2062,7 +2062,7 @@ function wfIsLocalURL( $url ) {
  * Initialise php session
  */
 function wfSetupSession() {
-	global $wgSessionsInMemcached, $wgCookiePath, $wgCookieDomain;
+	global $wgSessionsInMemcached, $wgCookiePath, $wgCookieDomain, $wgCookieSecure;
 	if( $wgSessionsInMemcached ) {
 		require_once( 'MemcachedSessions.php' );
 	} elseif( 'files' != ini_get( 'session.save_handler' ) ) {
@@ -2070,7 +2070,7 @@ function wfSetupSession() {
 		# application, it will end up failing. Try to recover.
 		ini_set ( 'session.save_handler', 'files' );
 	}
-	session_set_cookie_params( 0, $wgCookiePath, $wgCookieDomain );
+	session_set_cookie_params( 0, $wgCookiePath, $wgCookieDomain, $wgCookieSecure);
 	session_cache_limiter( 'private, must-revalidate' );
 	@session_start();
 }