fixing session coockie to set to http only and secure

app-code/api/utils/security.php

@@ -6,14 +6,11 @@ function secure_session_start(): void
         return;
     }
 
-    $is_https = (!empty($_SERVER['HTTPS']) && $_SERVER['HTTPS'] !== 'off')
-        || (isset($_SERVER['SERVER_PORT']) && (int) $_SERVER['SERVER_PORT'] === 443);
-
     session_set_cookie_params([
         'lifetime' => 0,
         'path' => '/',
         'domain' => '',
-        'secure' => $is_https,
+        'secure' => true,
         'httponly' => true,
         'samesite' => 'Lax',
     ]);
@@ -245,13 +242,10 @@ function clear_rate_limit(mysqli $conn, string $bucket, string $identifier = '')
 
 function set_secure_cookie(string $name, string $value, int $expires): void
 {
-    $is_https = (!empty($_SERVER['HTTPS']) && $_SERVER['HTTPS'] !== 'off')
-        || (isset($_SERVER['SERVER_PORT']) && (int) $_SERVER['SERVER_PORT'] === 443);
-
     setcookie($name, $value, [
         'expires' => $expires,
         'path' => '/',
-        'secure' => $is_https,
+        'secure' => true,
         'httponly' => true,
         'samesite' => 'Lax',
     ]);

app-code/plugins/auth.php

@@ -35,6 +35,13 @@ $data = json_decode($response, true);
 if (isset($data['status'])) {
     if ($data['status'] == "success") {
         // Successful authentication: login the user
+        session_set_cookie_params([
+            'lifetime' => 0,
+            'path' => '/',
+            'secure' => true,
+            'httponly' => true,
+            'samesite' => 'Lax',
+        ]);
         session_start();
         $_SESSION["username"] = $data["username"];
         $_SESSION["id"] = $data["id"];