Merge pull request laravel#1850 from rk/patch-1

taylorotwell · taylorotwell · commit 936160f90758 · 2013-04-06T18:27:53.000-07:00
Check application.ssl when setting a secure cookie
diff --git a/laravel/cookie.php b/laravel/cookie.php
@@ -82,6 +82,10 @@ public static function put($name, $value, $expiration = 0, $path = '/', $domain
 
 		$value = static::hash($value).'+'.$value;
 
+		// If the developer has explicitly disabled SLL, then we shouldn't force
+		// this cookie over SSL.
+		$secure = $secure && Config::get('application.ssl');
+
 		// If the secure option is set to true, yet the request is not over HTTPS
 		// we'll throw an exception to let the developer know that they are
 		// attempting to send a secure cookie over the insecure HTTP.
