Change Context::isAlwaysSSL() to config('session.use_ssl_cookies')

- Main session cookie is httpOnly if use_ssl is true
- SSO cookie is always httpOnly
Kijin Sung 2018-08-06 01:23:22 +09:00
parent 2c9bb88a14
commit a49f2f5f06
8 changed files with 18 additions and 35 deletions


@ -80,7 +80,7 @@ class Session
ini_set('session.use_cookies', 1);
ini_set('session.use_only_cookies', 1);
ini_set('session.use_strict_mode', 1);
session_set_cookie_params($lifetime, $path, null, $ssl_only, true);
session_set_cookie_params($lifetime, $path, null, $ssl_only, $ssl_only);
session_name($session_name = Config::get('session.name') ?: session_name());
// Get session ID from POST parameter if using relaxed key checks.
@ -295,7 +295,7 @@ class Session
if(!$is_default_domain && !\Context::get('sso_response') && $_COOKIE['sso'] !== md5($current_domain))
{
// Set sso cookie to prevent multiple simultaneous SSO validation requests.
setcookie('sso', md5($current_domain), 0, '/', null, \Context::isAlwaysSSL(), true);
setcookie('sso', md5($current_domain), 0, '/', null, !!config('session.use_ssl'), true);
// Redirect to the default site.
$sso_request = Security::encrypt($current_url);
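Review bot: The SSO cookie's secure flag reads `config('session.use_ssl')`, while the commit title and the template line `var cookies_ssl = {config('session.use_ssl_cookies') ? 'true' : 'false'};` use `session.use_ssl_cookies`; unless both keys are deliberately defined this looks like a typo, and with an absent key `!!config(...)` yields `false`, so the SSO cookie would be sent without `secure` even on SSL-only sites. The intended line is presumably `setcookie('sso', md5($current_domain), 0, '/', null, !!config('session.use_ssl_cookies'), true);`. In the first hunk, passing `$ssl_only` as the httponly argument of `session_set_cookie_params` removes HttpOnly from the main session cookie on non-SSL deployments, which gives up a script-access protection for no transport benefit; keeping the last argument `true` is the safer default regardless of the secure flag. Both enclosing methods of class Session begin outside the hunks.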


@ -1056,7 +1056,7 @@ function setCookie(name, value, expire, path) {
var s_cookie = name + "=" + escape(value) +
((!expire) ? "" : ("; expires=" + expire.toGMTString())) +
"; path=" + ((!path) ? "/" : path) +
((enforce_ssl) ? ";secure" : "");
((cookies_ssl) ? ";secure" : "");
document.cookie = s_cookie;
}
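Review bot: `cookies_ssl` is read as a bare global on the secure-flag line, so on any page where the template that defines it is not rendered the function throws a ReferenceError before `document.cookie` is assigned; the previous `enforce_ssl` presumably had the same exposure, but the rename is a good moment to close it. A guard such as `((typeof cookies_ssl !== 'undefined' && cookies_ssl) ? ";secure" : "")` keeps setCookie usable on its own. The function's signature is outside the hunk.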


@ -55,7 +55,8 @@
var current_mid = {json_encode($mid ?: null)};
var http_port = {Context::get("_http_port") ?: 'null'};
var https_port = {Context::get("_https_port") ?: 'null'};
var enforce_ssl = {Context::get('_use_ssl') === 'always' ? 'true' : 'false'};
var enforce_ssl = {$site_module_info->security === 'always' ? 'true' : 'false'};
var cookies_ssl = {config('session.use_ssl_cookies') ? 'true' : 'false'};
var ssl_actions = {json_encode(array_keys(Context::getSSLActions()))};
var xeVid = null;
</script>
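Review bot: The `enforce_ssl` line now derives its value from `$site_module_info->security` instead of `Context::get('_use_ssl')`, a behaviour change the commit description does not mention, and whether `$site_module_info` is always set in this template's scope cannot be confirmed from the hunk. If it may be absent, `var enforce_ssl = {($site_module_info->security ?? null) === 'always' ? 'true' : 'false'};` avoids an undefined-variable notice leaking into the script block. A short comment beside the two variables stating that `enforce_ssl` reflects the site-level SSL policy while `cookies_ssl` only controls the `secure` flag of cookies set from JavaScript would make the distinction explicit for readers of the generated page.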