Don't enable secure cookies when they won't work (#9971)

* Ignore session.cookie_secure errors
They happen if the session is already started.

* Don't allow secure cookies to be enabled when not accessing via https

* Completely remove the setting

LibreNMS/Config.php

@@ -442,10 +442,6 @@ class Config
             self::set('email_from', '"' . self::get('project_name') . '" <' . self::get('email_user') . '@' . php_uname('n') . '>');
         }
 
-        if (self::get('secure_cookies')) {
-            ini_set('session.cookie_secure', 1);
-        }
-
         // If we're on SSL, let's properly detect it
         if (isset($_SERVER['HTTPS'])) {
             self::set('base_url', preg_replace('/^http:/', 'https:', self::get('base_url')));

doc/General/Security.md

@@ -13,9 +13,6 @@ a firewall or VPN.
 It is also highly recommended that the Web interface is protected with an SSL certificate such as ones 
 provided by [LetsEncrypt](http://www.letsencrypt.org).
 
-When using HTTPS, it is recommended that you use secure, encrypted cookies to prevent session
-hijacking attacks. Set ``$config['secure_cookies'] = true;`` in ``config.php`` to enable these.
-
 Please ensure you keep your install [up to date](Updating.md).
 
 ### Reporting vulnerabilities

includes/defaults.inc.php

@@ -988,13 +988,6 @@ $config['xirrus_disable_stations']  = false;
 // Graphite default port
 $config['graphite']['port']         = 2003;
 
-// Whether to enable secure cookies. Setting this to true enable secure cookies
-// and only send them over HTTPS. Setting this to false will send cookies over
-// HTTP and HTTPS, but they will be insecure. Setting this to $_SERVER["HTTPS"]
-// will send secure cookies when the site is being accessed over HTTPS, and
-// send insecure cookies when the site is being accessed over HTTP.
-$config['secure_cookies'] = isset($_SERVER["HTTPS"]) ? $_SERVER["HTTPS"] : false;
-
 // API config
 $config['api']['cors']['enabled'] = false;
 $config['api']['cors']['origin'] = '*';