fix siteid cookie to secure

classes/misc/csrf.php

@@ -33,7 +33,7 @@ class csrf {
 
                 setcookie ( self::makeCookieName($page), $token->cookietoken, [
                     'expires' => $token->expiry,
-                    'secure' => false,
+                    'secure' => true,
                     'httponly' => true,
                     'samesite' => 'Strict',
                 ]);

classes/misc/index.php

@@ -21,6 +21,6 @@
     ini_set('session.use_cookies', '1');
     ini_set('session.use_only_cookies', '1');
     ini_set('session.cookie_lifetime', '0');
-    ini_set('session.cookie_secure', '0');
+    ini_set('session.cookie_secure', '1');
     ini_set('session.cookie_httponly', '1');
     ini_set('session.cookie_samesite', 'Strict');