From 2742410e4b05b163e7d18e2c0ecb0323fdbafd3a Mon Sep 17 00:00:00 2001
From: Marcus Hill
Date: Tue, 11 Jan 2022 19:44:21 +0000
Subject: [PATCH] http/https encryption cookie
---
 functions.php | 8 +++++++-
 1 file changed, 7 insertions(+), 1 deletion(-)
diff --git a/functions.php b/functions.php
index 355fa732..f664fde4 100644
--- functions.php
+++ functions.php
@@ -368,7 +368,13 @@ function generateUserSessionKey($site_encryption_master_key){
 $_SESSION['user_encryption_session_iv'] = $user_encryption_session_iv;
 //Give the user "their" key as a cookie
- setcookie("user_encryption_session_key", $user_encryption_session_key, 0, "/", "", "true", "true");
+ if($config_https_only){
+ setcookie("user_encryption_session_key", $user_encryption_session_key, 0, "/", "", "true", "true");
+ }
+ else {
+ // No secure flag
+ setcookie("user_encryption_session_key", $user_encryption_session_key, 0, "/", "", "false", "true");
+ }
 }
 //Decrypts an encrypted password (website/asset login), returns it as a string
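Review bot: In the new `else` branch the secure argument is the string `"false"`, which PHP coerces to boolean true (any non-empty string other than `"0"` is truthy), so the cookie still carries the Secure flag and the "No secure flag" path does not do what its comment says. `$config_https_only` is also neither a parameter of `generateUserSessionKey` nor visibly declared `global`; the function body starts above the hunk, so confirm it is in scope there, otherwise the condition is always false. Passing real booleans removes the need for the branch: `setcookie("user_encryption_session_key", $user_encryption_session_key, 0, "/", "", (bool)$config_https_only, true);`. Because the non-HTTPS path deliberately lets the per-user encryption key travel in cleartext, the comment here should state that trade-off rather than just `// No secure flag`.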