* (bug 8751) Set session cookies to HTTPS-only to match other cookies

patch from http://bugzilla.wikimedia.org/attachment.cgi?id=3132

diff --git a/RELEASE-NOTES b/RELEASE-NOTES
index 77f0806..80c1231 100644 (file)
--- a/RELEASE-NOTES
+++ b/RELEASE-NOTES
@@ -145,6 +145,7 @@ lighter making things easier to read.
   red when the user has no edits. Linker::userToolLinksRedContribs() is an
   alias to that which should be used to make it more self documentating.
 * (bug 8749) Bring MySQL 5 table defs back into sync
+* (bug 8751) Set session cookies to HTTPS-only to match other cookies
 
 
 == Languages updated ==

diff --git a/includes/GlobalFunctions.php b/includes/GlobalFunctions.php
index 4b73d5a..9c19758 100644 (file)
--- a/includes/GlobalFunctions.php
+++ b/includes/GlobalFunctions.php
@@ -2062,7 +2062,7 @@ function wfIsLocalURL( $url ) {
  * Initialise php session
  */
 function wfSetupSession() {
-       global $wgSessionsInMemcached, $wgCookiePath, $wgCookieDomain;
+       global $wgSessionsInMemcached, $wgCookiePath, $wgCookieDomain, $wgCookieSecure;
        if( $wgSessionsInMemcached ) {
                require_once( 'MemcachedSessions.php' );
        } elseif( 'files' != ini_get( 'session.save_handler' ) ) {
@@ -2070,7 +2070,7 @@ function wfSetupSession() {
                # application, it will end up failing. Try to recover.
                ini_set ( 'session.save_handler', 'files' );
        }
-       session_set_cookie_params( 0, $wgCookiePath, $wgCookieDomain );
+       session_set_cookie_params( 0, $wgCookiePath, $wgCookieDomain, $wgCookieSecure);
        session_cache_limiter( 'private, must-revalidate' );
        @session_start();
 }