Mark uid/session cookies as httponly (not readable by JS document.cookie)

author: Christian Schneider 2008-09-24 15:01:17 +0000
committer: Christian Schneider 2008-09-24 15:01:17 +0000
commit: 27ee3cdc63e6bc8d214e246ede8d2eaf4ee5347b (patch)
tree: 34f58f77be92a74540440d6af262c16d7cbb21d3 /it_user.class
parent: 4e20871f1a5d8ad690e742dabb6957763983a6c0 (diff)
download: itools-27ee3cdc63e6bc8d214e246ede8d2eaf4ee5347b.tar.gz
itools-27ee3cdc63e6bc8d214e246ede8d2eaf4ee5347b.tar.bz2
itools-27ee3cdc63e6bc8d214e246ede8d2eaf4ee5347b.zip
1 files changed, 1 insertions, 1 deletions
diff --git a/it_user.class b/it_user.class
index 8792ab4..4b0ebc6 100644
--- a/it_user.class
+++ b/it_user.class
@@ -208,7 +208,7 @@ function _set_uid($uid)
 
 	if (!isset($_COOKIE[$this->p['uidcookiename']]) || ($_COOKIE[$this->p['uidcookiename']] != $uid))
 	{
-		@setcookie($this->p['uidcookiename'], $uid, _IT_USER_UID_COOKIE_LIFETIME, "/", $this->domain);
+		@setcookie($this->p['uidcookiename'], $uid, _IT_USER_UID_COOKIE_LIFETIME, "/", $this->domain, false, true);
 		$_COOKIE[$this->p['uidcookiename']] = $uid;
 	}
 }
author	Christian Schneider	2008-09-24 15:01:17 +0000
committer	Christian Schneider	2008-09-24 15:01:17 +0000
commit	27ee3cdc63e6bc8d214e246ede8d2eaf4ee5347b (patch)
tree	34f58f77be92a74540440d6af262c16d7cbb21d3 /it_user.class
parent	4e20871f1a5d8ad690e742dabb6957763983a6c0 (diff)
download	itools-27ee3cdc63e6bc8d214e246ede8d2eaf4ee5347b.tar.gz itools-27ee3cdc63e6bc8d214e246ede8d2eaf4ee5347b.tar.bz2 itools-27ee3cdc63e6bc8d214e246ede8d2eaf4ee5347b.zip