Use secure and http cookies
parent
f41fb6d938
commit
ccc5805632
|
@ -129,11 +129,21 @@ class WC_Session_Handler extends WC_Session {
|
|||
$this->_has_cookie = true;
|
||||
|
||||
if ( ! isset( $_COOKIE[ $this->_cookie ] ) || $_COOKIE[ $this->_cookie ] !== $cookie_value ) {
|
||||
wc_setcookie( $this->_cookie, $cookie_value, $this->_session_expiration, apply_filters( 'wc_session_use_secure_cookie', false ) );
|
||||
wc_setcookie( $this->_cookie, $cookie_value, $this->_session_expiration, $this->use_secure_cookie(), true );
|
||||
}
|
||||
}
|
||||
}
|
||||
|
||||
/**
|
||||
* Should the session cookie be secure?
|
||||
*
|
||||
* @since 3.6.0
|
||||
* @return bool
|
||||
*/
|
||||
protected function use_secure_cookie() {
|
||||
return apply_filters( 'wc_session_use_secure_cookie', wc_site_is_https() && is_ssl() );
|
||||
}
|
||||
|
||||
/**
|
||||
* Return true if the current user has an active session, i.e. a cookie to retrieve values.
|
||||
*
|
||||
|
@ -258,7 +268,7 @@ class WC_Session_Handler extends WC_Session {
|
|||
* Forget all session data without destroying it.
|
||||
*/
|
||||
public function forget_session() {
|
||||
wc_setcookie( $this->_cookie, '', time() - YEAR_IN_SECONDS, apply_filters( 'wc_session_use_secure_cookie', false ) );
|
||||
wc_setcookie( $this->_cookie, '', time() - YEAR_IN_SECONDS, $this->use_secure_cookie(), true );
|
||||
|
||||
wc_empty_cart();
|
||||
|
||||
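Review bot: `use_secure_cookie()` returns the raw result of the `wc_session_use_secure_cookie` filter, so the documented `@return bool` is not guaranteed and a callback returning a string or null reaches `wc_setcookie()` unchanged; `return (bool) apply_filters( 'wc_session_use_secure_cookie', wc_site_is_https() && is_ssl() );` would pin the type. The docblock should also state that the default is evaluated per request: if `is_ssl()` reports false behind a TLS-terminating proxy that does not forward the scheme, the session cookie would be issued without the Secure flag even on an HTTPS site. A line such as `Defaults to true only when the site URL is https and the current request is detected as SSL; use the filter to override behind a proxy.` would cover it. The method enclosing the first `wc_setcookie()` call and `forget_session()` both continue outside the visible hunks.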
|
|
|
@ -869,10 +869,11 @@ function wc_print_js() {
|
|||
* @param string $value Value of the cookie.
|
||||
* @param integer $expire Expiry of the cookie.
|
||||
* @param bool $secure Whether the cookie should be served only over https.
|
||||
* @param bool $httponly Whether the cookie is only accessible over HTTP, not scripting languages like JavaScript. @since 3.6.0
|
||||
*/
|
||||
function wc_setcookie( $name, $value, $expire = 0, $secure = false ) {
|
||||
function wc_setcookie( $name, $value, $expire = 0, $secure = false, $httponly = false ) {
|
||||
if ( ! headers_sent() ) {
|
||||
setcookie( $name, $value, $expire, COOKIEPATH ? COOKIEPATH : '/', COOKIE_DOMAIN, $secure, apply_filters( 'woocommerce_cookie_httponly', false, $name, $value, $expire, $secure ) );
|
||||
setcookie( $name, $value, $expire, COOKIEPATH ? COOKIEPATH : '/', COOKIE_DOMAIN, $secure, apply_filters( 'woocommerce_cookie_httponly', $httponly, $name, $value, $expire, $secure ) );
|
||||
} elseif ( defined( 'WP_DEBUG' ) && WP_DEBUG ) {
|
||||
headers_sent( $file, $line );
|
||||
trigger_error( "{$name} cookie cannot be set - headers already sent by {$file} on line {$line}", E_USER_NOTICE ); // @codingStandardsIgnoreLine
|
||||
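Review bot: `$httponly` defaults to `false` in the new `wc_setcookie()` signature, so only the two session-handler calls that pass `true` gain the flag, and any other caller (none are visible on this page) keeps setting script-readable cookies. If that default is deliberate for cookies that front-end scripts must read, the `@param` line should say so, e.g. `Defaults to false for backwards compatibility; pass true for cookies that scripts never need to read.` The `woocommerce_cookie_httponly` filter result is also passed to `setcookie()` uncoerced, so wrapping it as `(bool) apply_filters( 'woocommerce_cookie_httponly', $httponly, $name, $value, $expire, $secure )` would keep a non-boolean callback result from deciding the flag. The function body ends outside the hunk.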
|
|