set cookie secure if forcessl is enabled

This also moves session_start in lib/base.php down a bit because we need OC::$SERVERROOT to get the config settings. Signed-off-by: Florian Pritz <bluewind@xinu.at>
author: Florian Pritz <bluewind@xinu.at> 2011-09-23 13:52:10 +0200
committer: Florian Pritz <bluewind@xinu.at> 2011-09-24 18:42:00 +0200
commit: c7d4e723417f3fad2a306af1f2053cdafde8af43 (patch)
tree: d696d25bf2a72e4ab03c378c65020220033407c1 /lib/user.php
parent: 037d0e9640e93e2df28963b7383562572ccbdd10 (diff)
download: nextcloud-server-c7d4e723417f3fad2a306af1f2053cdafde8af43.tar.gz
nextcloud-server-c7d4e723417f3fad2a306af1f2053cdafde8af43.zip
1 files changed, 4 insertions, 3 deletions
diff --git a/lib/user.php b/lib/user.php
index 3e73b2f1008..241d9aa8b10 100644
--- a/lib/user.php
+++ b/lib/user.php
@@ -348,9 +348,10 @@ class OC_User {
 	 * @param string $username username to be set
 	 */
 	public static function setMagicInCookie($username, $token){
-		setcookie("oc_username", $username, time()+60*60*24*15);
-		setcookie("oc_token", $token, time()+60*60*24*15);
-		setcookie("oc_remember_login", true, time()+60*60*24*15);
+		$secure_cookie = OC_Config::getValue("forcessl", false);
+		setcookie("oc_username", $username, time()+60*60*24*15, '', '', $secure_cookie);
+		setcookie("oc_token", $token, time()+60*60*24*15, '', '', $secure_cookie);
+		setcookie("oc_remember_login", true, time()+60*60*24*15, '', '', $secure_cookie);
 	}
 
 	/**
author	Florian Pritz <bluewind@xinu.at>	2011-09-23 13:52:10 +0200
committer	Florian Pritz <bluewind@xinu.at>	2011-09-24 18:42:00 +0200
commit	c7d4e723417f3fad2a306af1f2053cdafde8af43 (patch)
tree	d696d25bf2a72e4ab03c378c65020220033407c1 /lib/user.php
parent	037d0e9640e93e2df28963b7383562572ccbdd10 (diff)
download	nextcloud-server-c7d4e723417f3fad2a306af1f2053cdafde8af43.tar.gz nextcloud-server-c7d4e723417f3fad2a306af1f2053cdafde8af43.zip