
Commit ad616cb

authored
Update session cookie security settings
1 parent 238db3e commit ad616cb

1 file changed

Lines changed: 6 additions & 1 deletion


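--- a/admin_download.php
+++ b/admin_download.php
@@ -1,10 +1,15 @@
 <?php
 declare(strict_types=1);
 
+$isHttps =
+(!empty($_SERVER['HTTPS']) && $_SERVER['HTTPS'] !== 'off')
+|| (isset($_SERVER['SERVER_PORT']) && $_SERVER['SERVER_PORT'] == 443)
+|| (!empty($_SERVER['HTTP_X_FORWARDED_PROTO']) && strtolower($_SERVER['HTTP_X_FORWARDED_PROTO']) === 'https');
+
 session_name('DropzoneAdminSession');
 session_start([
 'cookie_httponly' => true,
-'cookie_secure' => isset($_SERVER['HTTPS']),
+'cookie_secure' => $isHttps,
 'cookie_samesite' => 'Lax',
 ]);
 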
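Review bot: The `cookie_secure` value for this admin session still fails open: it is computed per request, so any request that the `$isHttps` expression misclassifies receives a session cookie without the Secure attribute. `HTTP_X_FORWARDED_PROTO` is honoured from any client rather than only from a known reverse proxy, and the exact `=== 'https'` match misses list values such as `https, http` that some proxy chains produce. `$_SERVER['SERVER_PORT'] == 443` is also a loose comparison in a `strict_types` file; `(int) $_SERVER['SERVER_PORT'] === 443` states the intent. If the admin page is only ever served over TLS, prefer `'cookie_secure' => true,` (or a deployment config flag), and keep header-based detection only behind a trusted-proxy check on `REMOTE_ADDR`.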
