summaryrefslogtreecommitdiff
path: root/it_session.class
diff options
context:
space:
mode:
authorChristian Schneider2017-05-24 15:14:10 +0200
committerChristian Schneider2017-05-24 15:14:10 +0200
commit7e258f91f788c479af091dc6d7d309efdaf657b7 (patch)
tree7ef1f36bce7daf92eb60826bc7ea59161935c2d4 /it_session.class
parentf87f1f60381ed063483410d8a5d1fc832c2cb6f4 (diff)
downloaditools-7e258f91f788c479af091dc6d7d309efdaf657b7.tar.gz
itools-7e258f91f788c479af091dc6d7d309efdaf657b7.tar.bz2
itools-7e258f91f788c479af091dc6d7d309efdaf657b7.zip
No SSL cookies for trusted IPs because Chrome does not overwrite SSL cookies with non-SSL ones and thus prevents login to devel after live, reported by David
Diffstat (limited to 'it_session.class')
-rw-r--r--it_session.class2
1 files changed, 1 insertions, 1 deletions
diff --git a/it_session.class b/it_session.class
index 7873869..ec8b64f 100644
--- a/it_session.class
+++ b/it_session.class
@@ -47,7 +47,7 @@ function it_session()
* load balanced Proxies and maybe more weird stuff).
* $this->address = $_SERVER['REMOTE_ADDR'] . '/' . $_SERVER['HTTP_X_FORWARDED_FOR'];
*/
- $this->ssl = !empty($_SERVER['HTTPS']);
+ $this->ssl = !empty($_SERVER['HTTPS']) && !$GLOBALS['ULTRATRUSTED']; # No SSL cookies for trusted IPs because Chrome does not overwrite SSL cookies with non-SSL ones and thus prevents login to devel after live, reported by David
}