@@ -68,6 +68,14 @@ class Cookie {
$expiration = time() + ($expiration * 60);
}
+ // If the secure option is set to true, yet the request is not over HTTPS
+ // we'll throw an exception to let the developer know that they are
+ // attempting to send a secure cookie over the unsecure HTTP.
+ if ($secure and ! Request::secure())
+ {
+ throw new \Exception("Attempting to set secure cookie over HTTP.");
+ }
+
static::$jar[$name] = compact('name', 'value', 'expiration', 'path', 'domain', 'secure');
Taylor Otwell