Use a secure logged_in_cookie when the home URL is forced HTTPS (see #27954).
see #15330. Built from https://develop.svn.wordpress.org/trunk@28627 git-svn-id: http://core.svn.wordpress.org/trunk@28447 1a063a9b-81f0-0310-95a4-ce76da25c4cd
This commit is contained in:
parent
15a1f80885
commit
733057e7d6
|
@ -818,8 +818,12 @@ function wp_set_auth_cookie($user_id, $remember = false, $secure = '') {
|
||||||
$expire = 0;
|
$expire = 0;
|
||||||
}
|
}
|
||||||
|
|
||||||
if ( '' === $secure )
|
if ( '' === $secure ) {
|
||||||
$secure = is_ssl();
|
$secure = is_ssl();
|
||||||
|
}
|
||||||
|
|
||||||
|
// Frontend cookie is secure when the auth cookie is secure and the site's home URL is forced HTTPS.
|
||||||
|
$secure_logged_in_cookie = $secure && 'https' === parse_url( get_option( 'home' ), PHP_URL_SCHEME );
|
||||||
|
|
||||||
/**
|
/**
|
||||||
* Filter whether the connection is secure.
|
* Filter whether the connection is secure.
|
||||||
|
@ -840,7 +844,7 @@ function wp_set_auth_cookie($user_id, $remember = false, $secure = '') {
|
||||||
* @param int $user_id User ID.
|
* @param int $user_id User ID.
|
||||||
* @param bool $secure Whether the connection is secure.
|
* @param bool $secure Whether the connection is secure.
|
||||||
*/
|
*/
|
||||||
$secure_logged_in_cookie = apply_filters( 'secure_logged_in_cookie', false, $user_id, $secure );
|
$secure_logged_in_cookie = apply_filters( 'secure_logged_in_cookie', $secure_logged_in_cookie, $user_id, $secure );
|
||||||
|
|
||||||
if ( $secure ) {
|
if ( $secure ) {
|
||||||
$auth_cookie_name = SECURE_AUTH_COOKIE;
|
$auth_cookie_name = SECURE_AUTH_COOKIE;
|
||||||
|
|
Loading…
Reference in New Issue