Merge pull request #1850 from rk/patch-1

Check application.ssl when setting a secure cookie
2013-04-06 18:27:53 -07:00 · 2013-04-06 18:27:53 -07:00 · 936160f907
parent 9c9b6eed10 785e168f5e
commit 936160f907
1 changed files with 4 additions and 0 deletions
--- a/laravel/cookie.php
+++ b/laravel/cookie.php
@ -82,6 +82,10 @@ public static function put($name, $value, $expiration = 0, $path = '/', $domain

 		$value = static::hash($value).'+'.$value;

+		// If the developer has explicitly disabled SLL, then we shouldn't force
+		// this cookie over SSL.
+		$secure = $secure && Config::get('application.ssl');
+
 		// If the secure option is set to true, yet the request is not over HTTPS
 		// we'll throw an exception to let the developer know that they are
 		// attempting to send a secure cookie over the insecure HTTP.