dépôts / lhc / web / wiklou.git / blobdiff
? search:
summary | shortlog | log | commit | commitdiff | tree
raw | inline | side by side
In the web installer, use secure session cookies
[lhc/web/wiklou.git] / includes / installer / WebInstaller.php
diff --git a/includes/installer/WebInstaller.php b/includes/installer/WebInstaller.php
index 8fb9807..545cc06 100644 (file)
--- a/includes/installer/WebInstaller.php
+++ b/includes/installer/WebInstaller.php
@@ -341,11 +341,17 @@ class WebInstaller extends Installer {
                        return true;
                }
 
+               // Use secure cookies if we are on HTTPS
+               $options = [];
+               if ( $this->request->getProtocol() === 'https' ) {
+                       $options['cookie_secure'] = '1';
+               }
+
                $this->phpErrors = [];
                set_error_handler( [ $this, 'errorHandler' ] );
                try {
                        session_name( 'mw_installer_session' );
-                       session_start();
+                       session_start( $options );
                } catch ( Exception $e ) {
                        restore_error_handler();
                        throw $e;
Wiklou, le Wiki du Wiklou