On Fri, 2012-12-28 at 15:12 -0500, Robert Moskowitz wrote:
So your little bit would have to change the cookie content so that the browser is informed that this cookie is only to be sent over a secure connection? Only way I see to stop this behavior is for the cookie to be flagged.
<Directory "/usr/share/roundcube"> php_admin_flag session.cookie_secure "1"
<Directory>
If you use multiple virtual hosts, you dont need to put it inside a directory, you can put it in between<virtualhost> ... </virtualhost>
which is still explaind yesterday http://php.net/manual/en/session.configuration.php#ini.session.cookie-secure
Yes, I got that and now 'getting it'. Just nit-picking, you use "1" the manual says boolean with the default of off, so just two ways of representing boolean, numeric or label. In my way of thinking (hey, I am dyslexic) labels reduce confusion because there is only off and on (no maybes) while numeric raise a question of "2"...?
This is because you are not talking directly to php, you are talking to httpd, and asking it to pass onto say mod_php, so it must be in a format that they talk to each other in.
Like If you've ever tried to manipulate error reporting you'll know you
cant use
"php_admin_value error_reporting E_ALL & ~E_NOTICE & ~E_DEPRECATED" -
which will fail, you need to use
"php_admin_value error_reporting 22519" to get the actual effect of
E_ALL & ~E_NOTICE & ~E_DEPRECATED.