Diffstat (limited to 'inc')
-rw-r--r--inc/auth.php13
-rw-r--r--inc/init.php26
2 files changed, 33 insertions, 6 deletions
diff --git a/inc/auth.php b/inc/auth.php
index 8d6f48738..f9d48d0d6 100644
--- a/inc/auth.php
+++ b/inc/auth.php
@@ -135,7 +135,11 @@ function auth_login($user,$pass,$sticky=false,$silent=false){
$pass = PMA_blowfish_encrypt($pass,auth_cookiesalt());
$cookie = base64_encode("$user|$sticky|$pass");
if($sticky) $time = time()+60*60*24*365; //one year
- setcookie(DOKU_COOKIE,$cookie,$time,DOKU_REL);
+ if (version_compare(PHP_VERSION, '5.2.0', '>')) {
+ setcookie(DOKU_COOKIE,$cookie,$time,DOKU_REL,'',($conf['securecookie'] && is_ssl()),true);
+ }else{
+ setcookie(DOKU_COOKIE,$cookie,$time,DOKU_REL,'',($conf['securecookie'] && is_ssl()));
+ }
// set session
$_SESSION[DOKU_COOKIE]['auth']['user'] = $user;
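Review bot: The `version_compare(PHP_VERSION, '5.2.0', '>')` test on the added line skips PHP 5.2.0 itself, the release that introduced setcookie()'s httponly parameter, so on exactly 5.2.0 the cookie is sent without HttpOnly; `version_compare(PHP_VERSION, '5.2.0', '>=')` covers it. The same comparison appears in the auth_logoff hunk and in the session_set_cookie_params hunk in inc/init.php. auth_login starts outside this hunk, so it is not visible whether `$conf` is declared `global` there; if it is not, `$conf['securecookie']` evaluates as unset and the Secure flag is silently never applied.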
@@ -286,7 +290,12 @@ function auth_logoff(){
if(isset($_SERVER['REMOTE_USER']))
unset($_SERVER['REMOTE_USER']);
$USERINFO=null; //FIXME
- setcookie(DOKU_COOKIE,'',time()-600000,DOKU_REL);
+
+ if (version_compare(PHP_VERSION, '5.2.0', '>')) {
+ setcookie(DOKU_COOKIE,'',time()-600000,DOKU_REL,($conf['securecookie'] && is_ssl()),true);
+ }else{
+ setcookie(DOKU_COOKIE,'',time()-600000,DOKU_REL,($conf['securecookie'] && is_ssl()));
+ }
if($auth && $auth->canDo('logoff')){
$auth->logOff();
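Review bot: Both added setcookie() calls in auth_logoff omit the empty domain argument that the auth_login calls pass, so `($conf['securecookie'] && is_ssl())` lands in the domain slot and, in the first branch, `true` lands in the secure slot. The expiring cookie then carries different attributes from the one set at login, and a browser may not accept it as a replacement, which would leave the auth cookie in place after logoff. The calls should mirror login: `setcookie(DOKU_COOKIE,'',time()-600000,DOKU_REL,'',($conf['securecookie'] && is_ssl()),true);` and the same without the final `true` in the else branch. The function's start is outside the hunk, so whether `$conf` is in scope here should be checked as well.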
diff --git a/inc/init.php b/inc/init.php
index b01711e4b..5277206f6 100644
--- a/inc/init.php
+++ b/inc/init.php
@@ -114,7 +114,11 @@
// init session
if (!headers_sent() && !defined('NOSESSION')){
session_name("DokuWiki");
- session_set_cookie_params(0, DOKU_REL);
+ if (version_compare(PHP_VERSION, '5.2.0', '>')) {
+ session_set_cookie_params(0,DOKU_REL,'',($conf['securecookie'] && is_ssl()),true);
+ }else{
+ session_set_cookie_params(0,DOKU_REL,'',($conf['securecookie'] && is_ssl()));
+ }
session_start();
}
@@ -341,9 +345,7 @@ function getBaseURL($abs=null){
if(!$port) $port = $_SERVER['SERVER_PORT'];
if(!$port) $port = 80;
- // see if HTTPS is enabled - apache leaves this empty when not available,
- // IIS sets it to 'off', 'false' and 'disabled' are just guessing
- if (preg_match('/^(|off|false|disabled)$/i',$_SERVER['HTTPS'])){
+ if(!is_ssl()){
$proto = 'http://';
if ($port == '80') {
$port='';
@@ -361,6 +363,22 @@ function getBaseURL($abs=null){
}
/**
+ * Check if accessed via HTTPS
+ *
+ * Apache leaves ,$_SERVER['HTTPS'] empty when not available, IIS sets it to 'off'.
+ * 'false' and 'disabled' are just guessing
+ *
+ * @returns bool true when SSL is active
+ */
+function is_ssl(){
+ if (preg_match('/^(|off|false|disabled)$/i',$_SERVER['HTTPS'])){
+ return false;
+ }else{
+ return true;
+ }
+}
+
+/**
* Append a PHP extension to a given file and adds an exit call
*
* This is used to migrate some old configfiles. An added PHP extension
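Review bot: is_ssl() reads `$_SERVER['HTTPS']` directly, so a request where the key is absent raises an undefined-index notice before the regex treats it as empty; `if (!isset($_SERVER['HTTPS'])) return false;` ahead of the preg_match avoids that. Since this function now gates the Secure flag on the auth and session cookies, the docblock should also state that it only sees the local server's HTTPS variable: behind a TLS-terminating proxy it would presumably return false and `securecookie` would have no effect. In the docblock, `@returns` should be `@return` and the stray comma before `$_SERVER['HTTPS']` removed.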