Merge pull request #254 from clef/cookies

Enhance Clef state and session cookie flags
clef · Jun 23, 2016 · 1a3af9f · 1a3af9f
2 parents 5441e2c + 6bddc60
commit 1a3af9f
Show file tree

Hide file tree

Showing 2 changed files with 6 additions and 2 deletions.
diff --git a/includes/class.clef-utils.php b/includes/class.clef-utils.php
@@ -250,7 +250,7 @@ public static function initialize_state($override = false) {
         if (!$override && isset($_COOKIE[self::$cookie_name]) && $_COOKIE[self::$cookie_name]) return;
 
         $state = wp_generate_password(24, false);
-        @setcookie(self::$cookie_name, $state, (time() + 60 * 60 * 24), '/', '', is_ssl(), true);
+        @setcookie(self::$cookie_name, $state, (time() + 60 * 60 * 24), '/', '', ClefUtils::is_tls(), true);
         $_COOKIE[self::$cookie_name] = $state;
 
         return $state;
@@ -306,5 +306,9 @@ public static function get_logout_hook_url() {
 
         return $logout_hook_url;
     }
+
+    public static function is_tls() {
+        return is_ssl() || (isset($_SERVER['HTTP_X_FORWARDED_PROTO']) && $_SERVER['HTTP_X_FORWARDED_PROTO'] == 'https');
+    }
 }
 ?>
diff --git a/includes/lib/wp-session/class-wp-session.php b/includes/lib/wp-session/class-wp-session.php
@@ -127,7 +127,7 @@ protected function set_expiration() {
      * Set the session cookie
      */
     protected function set_cookie() {
-        setcookie( $this->cookie_name, $this->session_id . '||' . $this->expires . '||' . $this->exp_variant , (int) $this->expires, COOKIEPATH, COOKIE_DOMAIN );
+        setcookie( $this->cookie_name, $this->session_id . '||' . $this->expires . '||' . $this->exp_variant , (int) $this->expires, COOKIEPATH, COOKIE_DOMAIN, ClefUtils::is_tls(), true );
     }
 
     /**