From f0ef111c9d3415721754ff8296af55dfb2d2913e Mon Sep 17 00:00:00 2001
From: joebordes
Date: Sat, 25 Jun 2022 02:16:48 +0200
Subject: [PATCH] sec(SessionMgmt) make session cookie secure
---
 vendor/stefangabos/zebra_session/Zebra_Session.php | 5 ++---
 1 file changed, 2 insertions(+), 3 deletions(-)
diff --git a/vendor/stefangabos/zebra_session/Zebra_Session.php b/vendor/stefangabos/zebra_session/Zebra_Session.php
index 1a52584239..c0c78ec78b 100644
--- a/vendor/stefangabos/zebra_session/Zebra_Session.php
+++ b/vendor/stefangabos/zebra_session/Zebra_Session.php
@@ -252,11 +252,10 @@ public function __construct(
 ini_set('session.use_strict_mode', 1);
 // if on HTTPS
- if (isset($_SERVER['HTTPS']) && $_SERVER['HTTPS'] == 'on')
-
+ if ((isset($_SERVER['HTTPS']) && $_SERVER['HTTPS'] == 'on') || (isset($_SERVER['HTTP_X_FORWARDED_SSL']) && $_SERVER['HTTP_X_FORWARDED_SSL'] == 'on')) {
 // allows access to the session ID cookie only when the protocol is HTTPS
 ini_set('session.cookie_secure', 1);
-
+ }
 // if $session_lifetime is specified and is an integer number
 if ($session_lifetime != '' && is_integer($session_lifetime))
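Review bot: The added `if` still fails open, because `session.cookie_secure` is set only when one of two exact `'on'` comparisons matches. A proxy that signals TLS with `X-Forwarded-Proto: https` instead of `X-Forwarded-SSL: on`, or a server that sets `$_SERVER['HTTPS']` to some other non-empty value, leaves the session cookie without the Secure flag and nothing reports it. Consider testing the direct case as `!empty($_SERVER['HTTPS']) && strtolower($_SERVER['HTTPS']) !== 'off'` and also accepting `$_SERVER['HTTP_X_FORWARDED_PROTO'] == 'https'`, or letting HTTPS-only installs force the flag from configuration. `HTTP_X_FORWARDED_SSL` comes from a request header any client can send; here it can only tighten the cookie, so a comment such as `// client-settable header: acceptable only because it can only add the Secure flag` would keep the test from being reused for redirect or access decisions. The edit is made in place under `vendor/`, so a later dependency update would presumably drop it unless it is carried as a tracked patch or moved into application code; the constructor body continues outside this hunk.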