From a2b70b49b8ea50dc95224336e7109631ca96671f Mon Sep 17 00:00:00 2001
From: Jared Hancock <jared@osticket.com>
Date: Thu, 1 Aug 2013 20:06:31 +0000
Subject: [PATCH] Ensure cookie path is set for the session cookie

---
 include/class.osticket.php | 10 ++++++++++
 main.inc.php               |  6 ++++--
 2 files changed, 14 insertions(+), 2 deletions(-)

diff --git a/include/class.osticket.php b/include/class.osticket.php
index 671bdca4b..2c8fcc923 100644
--- a/include/class.osticket.php
+++ b/include/class.osticket.php
@@ -352,6 +352,16 @@ class osTicket {
         return null;
     }
 
+    /**
+     * Returns TRUE if the request was made via HTTPS and false otherwise
+     */
+    function is_https() {
+        return (isset($_SERVER['HTTPS'])
+                && strtolower($_SERVER['HTTPS']) == 'on')
+            || (isset($_SERVER['HTTP_X_FORWARDED_PROTO'])
+                && strtolower($_SERVER['HTTP_X_FORWARDED_PROTO']) == 'https');
+    }
+
     /* returns true if script is being executed via commandline */
     function is_cli() {
         return (!strcasecmp(substr(php_sapi_name(), 0, 3), 'cli')
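Review bot: The added is_https() accepts `$_SERVER['HTTP_X_FORWARDED_PROTO']` from any client, and its `$_SERVER['HTTPS']` test matches only the literal 'on'. The forwarded header is meaningful only when a trusted reverse proxy sets it and strips the client's copy, so it should be honoured only when the deployment is known to sit behind such a proxy; no such setting is visible in this hunk. Some servers set HTTPS to another non-empty value such as '1', and then this returns false on an HTTPS request and the session cookie is issued without the Secure flag; `!empty($_SERVER['HTTPS']) && strtolower($_SERVER['HTTPS']) != 'off'` covers those cases. The method is also called statically from main.inc.php (`osTicket::is_https()`), so it should be declared `static function is_https()`.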
diff --git a/main.inc.php b/main.inc.php
index 062c1d139..5ea6cc97f 100644
--- a/main.inc.php
+++ b/main.inc.php
@@ -34,8 +34,6 @@
     ini_set('session.use_trans_sid', 0);
     #No cache
     session_cache_limiter('nocache');
-    #Cookies
-    //ini_set('session.cookie_path','/osticket/');
 
     #Error reporting...Good idea to ENABLE error reporting to a file. i.e display_errors should be set to false
     $error_reporting = E_ALL & ~E_NOTICE;
@@ -128,6 +126,10 @@
     else
         require(INCLUDE_DIR.'mysql.php');
 
+    #Cookies
+    session_set_cookie_params(86400, dirname($_SERVER['PHP_SELF']),
+        $_SERVER['HTTP_HOST'], osTicket::is_https());
+
     #CURRENT EXECUTING SCRIPT.
     define('THISPAGE', Misc::currentURL());
     define('THISURI', $_SERVER['REQUEST_URI']);
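Review bot: The cookie domain in the added `session_set_cookie_params()` call is taken from `$_SERVER['HTTP_HOST']`, which is the client-supplied Host header and may carry a port, and the HttpOnly argument is left at its default. An explicit Domain attribute also exposes the cookie to subdomains, whereas an empty domain keeps it host-only, so I would write `session_set_cookie_params(86400, dirname($_SERVER['PHP_SELF']), '', osTicket::is_https(), true);`. `dirname($_SERVER['PHP_SELF'])` also changes with the entry script's directory and with any trailing path info, so scripts in different directories would presumably get differently scoped session cookies; a fixed application root path would be more predictable. The surrounding bootstrap code starts and ends outside the hunk.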
-- 
GitLab