fixes #1795 - set secure flag in login cookie when https (or reverse proxy)

git-svn-id: http://dev.piwik.org/svn/trunk@3286 59fd770c-687e-43c8-a1e3-f5a4ff64c105

1 files changed, 53 insertions, 2 deletions

diff --git a/core/Cookie.php b/core/Cookie.php
index 98a055a6d1..94ee0358cc 100644
--- a/core/Cookie.php
+++ b/core/Cookie.php
@@ -34,7 +34,28 @@ class Piwik_Cookie
 	 * The expire time for the cookie (expressed in UNIX Timestamp)
 	 */
 	protected $expire = null;
-	
+
+	/**
+	 * Restrict cookie path
+	 */
+	protected $path = '';
+
+	/**
+	 * Restrict cookie to a domain (or subdomains)
+	 */
+	protected $domain = '';
+
+	/**
+	 * If true, cookie should only be transmitted over secure HTTPS
+	 */
+	protected $secure = false;
+
+	/**
+	 * If true, cookie will only be made available via the HTTP protocol.
+	 * Note: not well supported by browsers.
+	 */
+	protected $httponly = false;
+
 	/**
 	 * The content of the cookie
 	 */
@@ -158,7 +179,7 @@ class Piwik_Cookie
 		}
 		
 		$this->setP3PHeader();
-		$this->setCookie( $this->name, $cookieString, $this->expire, $this->path);
+		$this->setCookie($this->name, $cookieString, $this->expire, $this->path, $this->domain, $this->secure, $this->httponly);
 	}
 
 	/**
@@ -247,6 +268,36 @@ class Piwik_Cookie
 
 		return '';
 	}
+
+	/**
+	 * Set cookie domain
+	 *
+	 * @param string $domain
+	 */
+	public function setDomain($domain)
+	{
+		$this->domain = $domain;
+	}
+	
+	/**
+	 * Set secure flag
+	 *
+	 * @param bool $secure
+	 */
+	public function setSecure($secure)
+	{
+		$this->secure = $secure;
+	}
+	
+	/**
+	 * Set HTTP only
+	 *
+	 * @param bool $httponly
+	 */
+	public function setHttpOnly($httponly)
+	{
+		$this->httponly = $httponly;
+	}
 	
 	/**
 	 * Registers a new name => value association in the cookie.