Commit 936160f9 authored by Taylor Otwell's avatar Taylor Otwell

Merge pull request #1850 from rk/patch-1

Check application.ssl when setting a secure cookie
parents 9c9b6eed 785e168f
......@@ -82,6 +82,10 @@ class Cookie {
$value = static::hash($value).'+'.$value;
// If the developer has explicitly disabled SLL, then we shouldn't force
// this cookie over SSL.
$secure = $secure && Config::get('application.ssl');
// If the secure option is set to true, yet the request is not over HTTPS
// we'll throw an exception to let the developer know that they are
// attempting to send a secure cookie over the insecure HTTP.
......
Markdown is supported
0% or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment