Allow the language cookie to be secured

8fff3c04 · Guy Halse · c869582b · 8fff3c04 · 8fff3c04
Commit 8fff3c04 authored 8 years ago by Guy Halse
--- a/config-templates/config.php
+++ b/config-templates/config.php
@@ -656,6 +656,8 @@ $config = array(
    'language.cookie.name' => 'language',
    'language.cookie.domain' => null,
    'language.cookie.path' => '/',
+    'language.cookie.secure' => false,
+    'language.cookie.httponly' => false,
    'language.cookie.lifetime' => (60 * 60 * 24 * 900),
    /*

--- a/lib/SimpleSAML/Locale/Language.php
+++ b/lib/SimpleSAML/Locale/Language.php
@@ -412,7 +412,8 @@ class Language
            'lifetime' => ($config->getInteger('language.cookie.lifetime', 60 * 60 * 24 * 900)),
            'domain'   => ($config->getString('language.cookie.domain', null)),
            'path'     => ($config->getString('language.cookie.path', '/')),
-            'httponly' => false,
+            'secure'   => ($config->getBoolean('language.cookie.secure', false)),
+            'httponly' => ($config->getBoolean('language.cookie.httponly', false)),
        );
        HTTP::setCookie($name, $language, $params, false);