Ensure cookie path is set for the session cookie

include/class.osticket.php

@@ -352,6 +352,16 @@ class osTicket {
         return null;
     }
 
+    /**
+     * Returns TRUE if the request was made via HTTPS and false otherwise
+     */
+    function is_https() {
+        return (isset($_SERVER['HTTPS'])
+                && strtolower($_SERVER['HTTPS']) == 'on')
+            || (isset($_SERVER['HTTP_X_FORWARDED_PROTO'])
+                && strtolower($_SERVER['HTTP_X_FORWARDED_PROTO']) == 'https');
+    }
+
     /* returns true if script is being executed via commandline */
     function is_cli() {
         return (!strcasecmp(substr(php_sapi_name(), 0, 3), 'cli')

main.inc.php

@@ -34,8 +34,6 @@
     ini_set('session.use_trans_sid', 0);
     #No cache
     session_cache_limiter('nocache');
-    #Cookies
-    //ini_set('session.cookie_path','/osticket/');
 
     #Error reporting...Good idea to ENABLE error reporting to a file. i.e display_errors should be set to false
     $error_reporting = E_ALL & ~E_NOTICE;
@@ -128,6 +126,10 @@
     else
         require(INCLUDE_DIR.'mysql.php');
 
+    #Cookies
+    session_set_cookie_params(86400, dirname($_SERVER['PHP_SELF']),
+        $_SERVER['HTTP_HOST'], osTicket::is_https());
+
     #CURRENT EXECUTING SCRIPT.
     define('THISPAGE', Misc::currentURL());
     define('THISURI', $_SERVER['REQUEST_URI']);