From dfcbe0591a86fb8f62d9762d9bdb4d96d3a953d4 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?G=C3=A1bor=20Hojtsy?= <gabor@hojtsy.hu>
Date: Wed, 25 Jul 2007 10:06:44 +0000
Subject: #160107 by JohnAlbin: use the same session ID regardless of the
 protocol used to access the page (eg share sessions between http and https
 pages)

---
 includes/bootstrap.inc | 5 +++--
 1 file changed, 3 insertions(+), 2 deletions(-)

diff --git a/includes/bootstrap.inc b/includes/bootstrap.inc
index 6683371cd..1154b84ae 100644
--- a/includes/bootstrap.inc
+++ b/includes/bootstrap.inc
@@ -299,8 +299,9 @@ function conf_init() {
     $session_name = $cookie_domain;
   }
   else {
-    // Otherwise use $base_url for session name.
-    $session_name = $base_url;
+    // Otherwise use $base_url as session name, without the protocol
+    // to use the same session identifiers across http and https.
+    list( , $session_name) = explode('://', $base_url, 2);
     // We try to set the cookie domain to the hostname.
     if (!empty($_SERVER['HTTP_HOST'])) {
       $cookie_domain = $_SERVER['HTTP_HOST'];
-- 
cgit v1.2.3