From ebd86f2d3cc7f90e00723f3ee6fad6f110ff703f Mon Sep 17 00:00:00 2001
From: Carsten Schmitz <carsten.schmitz@limesurvey.org>
Date: Mon, 29 Aug 2016 09:58:15 +0200
Subject: [PATCH] Fixed issue: [security] If SSL is used cookies did not have
 secure flag

---
 application/config/internal.php | 1 +
 1 file changed, 1 insertion(+)

diff --git a/application/config/internal.php b/application/config/internal.php
index bd38ed36030..042923cfee5 100644
--- a/application/config/internal.php
+++ b/application/config/internal.php
@@ -146,6 +146,7 @@
         'session' => array(
             'cookieParams' => array(
                 'httponly' => true,
+                'secure'=> isset($_SERVER['HTTPS']) && ((!empty($_SERVER['HTTPS']) && $_SERVER['HTTPS'] !== 'off') || $_SERVER['SERVER_PORT'] == 443)
             ),
         ),
         'messages' => array(