librenms · murrant · Mar 17, 2019 · Mar 15, 2019 · Mar 17, 2019 · Mar 17, 2019
diff --git a/LibreNMS/Config.php b/LibreNMS/Config.php
@@ -442,10 +442,6 @@ private static function processConfig($persist = true)
             self::set('email_from', '"' . self::get('project_name') . '" <' . self::get('email_user') . '@' . php_uname('n') . '>');
         }
 
-        if (self::get('secure_cookies')) {
-            ini_set('session.cookie_secure', 1);
-        }
-
         // If we're on SSL, let's properly detect it
         if (isset($_SERVER['HTTPS'])) {
             self::set('base_url', preg_replace('/^http:/', 'https:', self::get('base_url')));

diff --git a/doc/General/Security.md b/doc/General/Security.md
@@ -13,9 +13,6 @@ a firewall or VPN.
 It is also highly recommended that the Web interface is protected with an SSL certificate such as ones 
 provided by [LetsEncrypt](http://www.letsencrypt.org).
 
-When using HTTPS, it is recommended that you use secure, encrypted cookies to prevent session
-hijacking attacks. Set ``$config['secure_cookies'] = true;`` in ``config.php`` to enable these.
-
 Please ensure you keep your install [up to date](Updating.md).
 
 ### Reporting vulnerabilities

diff --git a/includes/defaults.inc.php b/includes/defaults.inc.php
@@ -982,13 +982,6 @@
 // Graphite default port
 $config['graphite']['port']         = 2003;
 
-// Whether to enable secure cookies. Setting this to true enable secure cookies
-// and only send them over HTTPS. Setting this to false will send cookies over
-// HTTP and HTTPS, but they will be insecure. Setting this to $_SERVER["HTTPS"]
-// will send secure cookies when the site is being accessed over HTTPS, and
-// send insecure cookies when the site is being accessed over HTTP.
-$config['secure_cookies'] = isset($_SERVER["HTTPS"]) ? $_SERVER["HTTPS"] : false;
-
 // API config
 $config['api']['cors']['enabled'] = false;
 $config['api']['cors']['origin'] = '*';