From 0382dbbfb2c680245cf00045444816bee795f022 Mon Sep 17 00:00:00 2001
From: Marcus Hill <bcf8c9f2@opayq.com>
Date: Tue, 11 Jan 2022 20:14:29 +0000
Subject: [PATCH] Small change re https

---
 functions.php | 7 ++++---
 1 file changed, 4 insertions(+), 3 deletions(-)

diff --git a/functions.php b/functions.php
index f664fde4..2be719db 100644
--- a/functions.php
+++ b/functions.php
@@ -368,12 +368,13 @@ function generateUserSessionKey($site_encryption_master_key){
     $_SESSION['user_encryption_session_iv'] = $user_encryption_session_iv;
 
     //Give the user "their" key as a cookie
+    //By default, this should be HTTPS but we can change to HTTP for development via the config.php file
     if($config_https_only){
         setcookie("user_encryption_session_key", $user_encryption_session_key, 0, "/", "", "true", "true");
     }
-    else {
-        // No secure flag
-        setcookie("user_encryption_session_key", $user_encryption_session_key, 0, "/", "", "false", "true");
+    else{
+        setcookie("user_encryption_session_key", $user_encryption_session_key, 0, "/");
+        $_SESSION['alert_message'] = "Unencrypted connection: Using HTTP only.";
     }
 }