Fixed Session cookies not being sent via non HTTPS

originphp · Jul 23, 2019 · f1e91b0 · f1e91b0
1 parent 294fb87
commit f1e91b0
Show file tree

Hide file tree

Showing 2 changed files with 8 additions and 1 deletion.
diff --git a/CHANGELOG.md b/CHANGELOG.md
@@ -21,6 +21,10 @@ Upload: git push origin --tags
 Delete tag: git tag -d <tag_name>
 
 ## [Unreleased]
+## [1.24.1] - 2019-07-23
+### Fixed
+- Session cookies not being sent via non HTTPS
+
 ## [1.24.0] - 2019-07-23
 ### Added
 - Added Schema::addIndex Type option to allow for creating fulltext indexes

diff --git a/src/Http/Session.php b/src/Http/Session.php
@@ -47,10 +47,13 @@ public function __construct()
 
         $config = [
             'session.save_path' => TMP . DS . 'sessions',
-            'session.cookie_secure' => 1,
             'session.cookie_httponly' => 1,
         ];
 
+        if (env('HTTPS')) {
+            $config['session.cookie_secure'] = 1;
+        }
+
         if (! $this->started() and ! headers_sent()) {
             $this->setIniConfig($config);
         }