authorChristian Schneider2008-09-24 15:01:17 +0000
committerChristian Schneider2008-09-24 15:01:17 +0000
commit27ee3cdc63e6bc8d214e246ede8d2eaf4ee5347b (patch)
tree34f58f77be92a74540440d6af262c16d7cbb21d3 /it_session.class
parent4e20871f1a5d8ad690e742dabb6957763983a6c0 (diff)
Mark uid/session cookies as httponly (not readable by JS document.cookie)
Diffstat (limited to 'it_session.class')
-rw-r--r--it_session.class4
1 files changed, 2 insertions, 2 deletions
diff --git a/it_session.class b/it_session.class
index a2300e5..ed99842 100644
--- a/it_session.class
+++ b/it_session.class
@@ -167,7 +167,7 @@ function set_valid($valid = true, $login_identifier_required = false, $login_ide
$result = !$valid; /* Setting to invalid succeeded or setting to valid failed */
}
- @setcookie($this->cookiename, $this->cookie, _IT_SESSION_COOKIE_EXPIRY, "/", $this->domain, $this->ssl);
+ @setcookie($this->cookiename, $this->cookie, _IT_SESSION_COOKIE_EXPIRY, "/", $this->domain, $this->ssl, true);
$_COOKIE[$this->cookiename] = $this->cookie;
return $result;
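Review bot: The `@` on the new setcookie() line hides the failure mode the seventh argument introduces: on PHP older than 5.2.0, which has no httponly parameter, an internal function called with too many arguments emits a warning and returns NULL without sending any Set-Cookie header, and `$_COOKIE[$this->cookiename]` on the next line is then populated as if the cookie had been set. The same silent no-op happens on any PHP version when output has already started. If the library still claims to support pre-5.2 interpreters, check the return value, e.g. `if (!@setcookie($this->cookiename, $this->cookie, _IT_SESSION_COOKIE_EXPIRY, "/", $this->domain, $this->ssl, true))` followed by `trigger_error("it_session: failed to set cookie $this->cookiename", E_USER_WARNING);`, or document the PHP >= 5.2 requirement next to the call. set_valid() starts before this hunk, so how $result is derived is not visible here.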
@@ -192,7 +192,7 @@ function create_login_identifier()
if (!$this->cookie)
{
$this->cookie = md5(uniqid(rand())); /* random garbage */
- @setcookie($this->cookiename, $this->cookie, _IT_SESSION_COOKIE_EXPIRY, "/", $this->domain, $this->ssl);
+ @setcookie($this->cookiename, $this->cookie, _IT_SESSION_COOKIE_EXPIRY, "/", $this->domain, $this->ssl, true);
}
$login_identifier = $this->_mkcookie("", $this->cookie);
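Review bot: httponly keeps the cookie away from document.cookie, but the value being protected is still generated two lines above the changed setcookie() as `md5(uniqid(rand()))`: uniqid() is a microsecond timestamp and rand() is a small, non-cryptographic PRNG, so the session identifier carries far less entropy than its 32-hex-digit form suggests and is guessable by an attacker who knows roughly when it was issued. Consider sourcing the value from the kernel CSPRNG with a fallback, e.g. `$raw = @file_get_contents('/dev/urandom', false, null, 0, 16);` and `$this->cookie = ($raw !== false && strlen($raw) == 16) ? bin2hex($raw) : md5(uniqid(rand(), true));`, and replace the `/* random garbage */` comment with one naming the entropy source. create_login_identifier() begins before this hunk and continues past it, so what _mkcookie() does with the value is not visible here.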