clef · lolux · Jun 23, 2016 · Jun 23, 2016 · Jun 23, 2016 · Jun 23, 2016
diff --git a/includes/class.clef-utils.php b/includes/class.clef-utils.php
@@ -250,7 +250,7 @@ public static function initialize_state($override = false) {
         if (!$override && isset($_COOKIE[self::$cookie_name]) && $_COOKIE[self::$cookie_name]) return;
 
         $state = wp_generate_password(24, false);
-        @setcookie(self::$cookie_name, $state, (time() + 60 * 60 * 24), '/', '', is_ssl(), true);
+        @setcookie(self::$cookie_name, $state, (time() + 60 * 60 * 24), '/', '', ClefUtils::is_tls(), true);
         $_COOKIE[self::$cookie_name] = $state;
 
         return $state;
@@ -306,5 +306,15 @@ public static function get_logout_hook_url() {
 
         return $logout_hook_url;
     }
+
+    public static function is_tls() {
+        if ( is_ssl() ) {
+            return true;
+        } elseif ( isset($_SERVER['HTTP_X_FORWARDED_PROTO']) && $_SERVER['HTTP_X_FORWARDED_PROTO'] == 'https' )  {
+            return true;
+        } else {
+            return false;
+        }
+    }
 }
 ?>
diff --git a/includes/lib/wp-session/class-wp-session.php b/includes/lib/wp-session/class-wp-session.php
@@ -127,7 +127,7 @@ protected function set_expiration() {
      * Set the session cookie
      */
     protected function set_cookie() {
-        setcookie( $this->cookie_name, $this->session_id . '||' . $this->expires . '||' . $this->exp_variant , (int) $this->expires, COOKIEPATH, COOKIE_DOMAIN );
+        setcookie( $this->cookie_name, $this->session_id . '||' . $this->expires . '||' . $this->exp_variant , (int) $this->expires, COOKIEPATH, COOKIE_DOMAIN, ClefUtils::is_tls(), true );
     }
 
     /**