better checking for SSL servers, even though it probably doesn't fix the cookie bug

2014-05-08 18:50:33 -07:00 · 2014-05-08 18:50:33 -07:00 · 4cf684a701
commit 4cf684a701
parent 2fe8bae7a5
2 changed files with 3 additions and 1 deletions
--- a/doc/install/sample-nginx.conf
+++ b/doc/install/sample-nginx.conf
@ -59,6 +59,8 @@ server {
  ssl_ciphers ALL:!ADH:!EXPORT56:RC4+RSA:+HIGH:+MEDIUM:+LOW:+SSLv3:+EXP;
  ssl_prefer_server_ciphers on;

+  fastcgi_param HTTPS on;
+
  index index.php;
  charset utf-8;
  root /var/www/red;
--- a/index.php
+++ b/index.php
@ -63,7 +63,7 @@ if(! $a->install) {
 			((isset($arr['lifetime']))  ? $arr['lifetime'] : 60*5),
 			((isset($arr['path']))      ? $arr['path']     : '/'),
 			((isset($arr['domain']))    ? $arr['domain']   : $a->get_hostname()),
-			((isset($_SERVER['HTTPS'])) ? true             : false),
+			((isset($_SERVER['HTTPS']) && strtolower($_SERVER['HTTPS']) == 'on') ? true : false),
 			((isset($arr['httponly']))  ? $arr['httponly'] : true));
 	}
 }