From 27ee3cdc63e6bc8d214e246ede8d2eaf4ee5347b Mon Sep 17 00:00:00 2001
From: Christian Schneider
Date: Wed, 24 Sep 2008 15:01:17 +0000
Subject: Mark uid/session cookies as httponly (not readable by JS document.cookie)

---
 it_user.class | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

(limited to 'it_user.class')

diff --git a/it_user.class b/it_user.class
index 8792ab4..4b0ebc6 100644
--- a/it_user.class
+++ b/it_user.class
@@ -208,7 +208,7 @@ function _set_uid($uid)
 if (!isset($_COOKIE[$this->p['uidcookiename']]) || ($_COOKIE[$this->p['uidcookiename']] != $uid))
 {
-@setcookie($this->p['uidcookiename'], $uid, _IT_USER_UID_COOKIE_LIFETIME, "/", $this->domain);
+@setcookie($this->p['uidcookiename'], $uid, _IT_USER_UID_COOKIE_LIFETIME, "/", $this->domain, false, true);
 $_COOKIE[$this->p['uidcookiename']] = $uid;
 }
 }
-- 
cgit v1.2.3
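Review bot: The new setcookie() call hardcodes the `secure` flag (sixth argument) to `false` while adding httponly, so the uid cookie is still transmitted over plain HTTP even when the request itself arrived over TLS; httponly only keeps script from reading it and does nothing against a network observer. If the application can be served over HTTPS, derive the flag from the request rather than pinning it, e.g. `@setcookie($this->p['uidcookiename'], $uid, _IT_USER_UID_COOKIE_LIFETIME, "/", $this->domain, !empty($_SERVER['HTTPS']) && $_SERVER['HTTPS'] !== 'off', true);`. The `@` prefix also suppresses the "headers already sent" warning, so a cookie that silently fails to be set is hard to diagnose; consider checking setcookie()'s boolean return and logging on failure instead. _set_uid() begins before this hunk, so any other cookie writes in the function are not visible here.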