sec(SessionMgmt) make session cookie secure

tsolucio · Jun 25, 2022 · f0ef111 · f0ef111
1 parent 5e09629
commit f0ef111
Showing 1 changed file with 2 additions and 3 deletions.
diff --git a/vendor/stefangabos/zebra_session/Zebra_Session.php b/vendor/stefangabos/zebra_session/Zebra_Session.php
@@ -252,11 +252,10 @@ public function __construct(
             ini_set('session.use_strict_mode', 1);
 
             // if on HTTPS
-            if (isset($_SERVER['HTTPS']) && $_SERVER['HTTPS'] == 'on')
-
+            if ((isset($_SERVER['HTTPS']) && $_SERVER['HTTPS'] == 'on') || (isset($_SERVER['HTTP_X_FORWARDED_SSL']) && $_SERVER['HTTP_X_FORWARDED_SSL'] == 'on')) {
                 // allows access to the session ID cookie only when the protocol is HTTPS
                 ini_set('session.cookie_secure', 1);
-
+            }
             // if $session_lifetime is specified and is an integer number
             if ($session_lifetime != '' && is_integer($session_lifetime))