| author | 2016-03-08 19:08:53 +0100 | |
|---|---|---|
| committer | 2016-03-08 19:08:53 +0100 | |
| commit | 2d9c27549d23e20df4221ffb6a84835ba836b06a (patch) | |
| tree | f40a50280ddf0a54f73399c481d0743a7e668a19 /lib | |
| parent | b60a9896b1474ac687b2a8e0573129593c179820 (diff) | |
| parent | cd4153912f3c91dcb5d68ea886855e9014684ea0 (diff) | |
Merge pull request #1117 from Alkarex/cookie_secure
Secure cookie HTTPS
Diffstat (limited to 'lib')
| -rw-r--r-- | lib/Minz/Request.php | 17 | ||||
| -rw-r--r-- | lib/Minz/Session.php | 6 |
2 files changed, 15 insertions, 8 deletions
diff --git a/lib/Minz/Request.php b/lib/Minz/Request.php
index effb9943c..81457df9e 100644
--- a/lib/Minz/Request.php
+++ b/lib/Minz/Request.php
@@ -85,6 +85,17 @@ class Minz_Request {
 }
 /**
+ * Return true if the request is over HTTPS, false otherwise (HTTP)
+ */
+ public static function isHttps() {
+ if (isset($_SERVER['HTTP_X_FORWARDED_PROTO'])) {
+ return strtolower($_SERVER['HTTP_X_FORWARDED_PROTO']) === 'https';
+ } else {
+ return isset($_SERVER['HTTPS']) && $_SERVER['HTTPS'] === 'on';
+ }
+ }
+
+ /**
 * Try to guess the base URL from $_SERVER information
 *
 * @return the base url (e.g. http://example.com/)
@@ -92,11 +103,7 @@ class Minz_Request {
 public static function guessBaseUrl() {
 $url = 'http';
- if (isset($_SERVER['HTTP_X_FORWARDED_PROTO'])) {
- $https = strtolower($_SERVER['HTTP_X_FORWARDED_PROTO']) === 'https';
- } else {
- $https = isset($_SERVER['HTTPS']) && $_SERVER['HTTPS'] === 'on';
- }
+ $https = self::isHttps();
 if (!empty($_SERVER['HTTP_HOST'])) {
 $host = $_SERVER['HTTP_HOST'];
diff --git a/lib/Minz/Session.php b/lib/Minz/Session.php
index 940cd27d9..c94f2b646 100644
--- a/lib/Minz/Session.php
+++ b/lib/Minz/Session.php
@@ -73,7 +73,7 @@ class Minz_Session {
 * @param $l la durée de vie
 */
 public static function keepCookie($l) {
- session_set_cookie_params($l, self::getCookieDir(), '', false, true);
+ session_set_cookie_params($l, self::getCookieDir(), '', Minz_Request::isHttps(), true);
 }
@@ -86,11 +86,11 @@ class Minz_Session {
 }
 public static function deleteLongTermCookie($name) {
- setcookie($name, '', 1, '', '', false, true);
+ setcookie($name, '', 1, '', '', Minz_Request::isHttps(), true);
 }
 public static function setLongTermCookie($name, $value, $expire) {
- setcookie($name, $value, $expire, '', '', false, true);
+ setcookie($name, $value, $expire, '', '', Minz_Request::isHttps(), true);
 }
 public static function getLongTermCookie($name) { |
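Review bot: `Minz_Request::isHttps()` in lib/Minz/Request.php takes `HTTP_X_FORWARDED_PROTO` at face value and gives it priority over `$_SERVER['HTTPS']`, and with this commit that answer sets the Secure flag in `keepCookie()`, `deleteLongTermCookie()` and `setLongTermCookie()` in lib/Minz/Session.php. The header is request-supplied unless a reverse proxy overwrites it, so it should be honoured only when the deployment is known to sit behind such a proxy; the visible code has no setting that restricts this. The fallback is also stricter than PHP documents: `$_SERVER['HTTPS']` is only specified as non-empty under HTTPS (and `off` on some servers), so `=== 'on'` can report HTTP on a TLS connection and leave the cookies without Secure. `return !empty($_SERVER['HTTPS']) && strtolower($_SERVER['HTTPS']) !== 'off';` covers those cases. The new docblock would also benefit from an `@return bool` line.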
