Revision fa73c7cd
Added by Renato Botelho about 11 years ago
| etc/inc/auth.inc | ||
|---|---|---|
| 1342 | 1342 |
global $HTTP_SERVER_VARS, $config, $_SESSION, $page; |
| 1343 | 1343 |
|
| 1344 | 1344 |
// Handle HTTPS httponly and secure flags |
| 1345 |
if($config['system']['webgui']['protocol'] == "https") {
|
|
| 1346 |
$currentCookieParams = session_get_cookie_params(); |
|
| 1347 |
session_set_cookie_params( |
|
| 1348 |
$currentCookieParams["lifetime"], |
|
| 1349 |
$currentCookieParams["path"], |
|
| 1350 |
NULL, |
|
| 1351 |
true, |
|
| 1352 |
true |
|
| 1353 |
); |
|
| 1354 |
} |
|
| 1345 |
$currentCookieParams = session_get_cookie_params(); |
|
| 1346 |
session_set_cookie_params( |
|
| 1347 |
$currentCookieParams["lifetime"], |
|
| 1348 |
$currentCookieParams["path"], |
|
| 1349 |
NULL, |
|
| 1350 |
($config['system']['webgui']['protocol'] == "https"), |
|
| 1351 |
true |
|
| 1352 |
); |
|
| 1355 | 1353 |
|
| 1356 | 1354 |
if (!session_id()) |
| 1357 | 1355 |
session_start(); |
Also available in: Unified diff
Always set httponly attribute on cookies