From b1e5569c496a37d519fdf009255b11ab03589c00 Mon Sep 17 00:00:00 2001
From: Janusz Dobrowolski <janusz@frontaccounting.eu>
Date: Sun, 23 Jan 2022 21:36:42 +0100
Subject: [PATCH] Added SECURE_ONLY option in session.inc allowing explicit
 switching off https only access.

---
 includes/session.inc | 3 ++-
 1 file changed, 2 insertions(+), 1 deletion(-)

diff --git a/includes/session.inc b/includes/session.inc
index a0a59d25..9e559f2d 100644
--- a/includes/session.inc
+++ b/includes/session.inc
@@ -11,6 +11,7 @@
 ***********************************************************************/
 define('VARLIB_PATH', $path_to_root.'/tmp');
 define('VARLOG_PATH', $path_to_root.'/tmp');
+define('SECURE_ONLY', true);
 
 class SessionManager
 {
@@ -397,7 +398,7 @@ foreach ($installed_extensions as $ext)
 ini_set('session.gc_maxlifetime', 36000); // moved from below.
 
 $Session_manager = new SessionManager();
-$Session_manager->sessionStart('FA'.md5(dirname(__FILE__)), 0, '/', null, True);
+$Session_manager->sessionStart('FA'.md5(dirname(__FILE__)), 0, '/', null, SECURE_ONLY);
 
 $_SESSION['SysPrefs'] = new sys_prefs();
 
-- 
2.30.2