From 7e258f91f788c479af091dc6d7d309efdaf657b7 Mon Sep 17 00:00:00 2001
From: Christian Schneider
Date: Wed, 24 May 2017 15:14:10 +0200
Subject: No SSL cookies for trusted IPs because Chrome does not overwrite SSL
 cookies with non-SSL ones and thus prevents login to devel after live,
 reported by David

---
 it_session.class | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

(limited to 'it_session.class')

diff --git a/it_session.class b/it_session.class
index 7873869..ec8b64f 100644
--- a/it_session.class
+++ b/it_session.class
@@ -47,7 +47,7 @@ function it_session()
  * load balanced Proxies and maybe more weird stuff).
  *	$this->address = $_SERVER['REMOTE_ADDR'] . '/' . $_SERVER['HTTP_X_FORWARDED_FOR'];
  */
-	$this->ssl = !empty($_SERVER['HTTPS']);
+	$this->ssl = !empty($_SERVER['HTTPS']) && !$GLOBALS['ULTRATRUSTED'];	# No SSL cookies for trusted IPs because Chrome does not overwrite SSL cookies with non-SSL ones and thus prevents login to devel after live, reported by David
 }
 
 
-- 
cgit v1.2.3