From 69c39f8a23229da0a00acdef88b4e614ae28649f Mon Sep 17 00:00:00 2001
From: Isaac Connor
Date: Wed, 14 Dec 2016 14:39:44 -0500
Subject: [PATCH] set http_only flag in cookie settings
---
 web/index.php | 10 ++++++++++
 1 file changed, 10 insertions(+)
diff --git a/web/index.php b/web/index.php
index 4beaaa985..77094252d 100644
--- a/web/index.php
+++ b/web/index.php
@@ -112,6 +112,16 @@ if ( !file_exists( ZM_SKIN_PATH ) )
 require_once( ZM_SKIN_PATH.'/includes/init.php' );
 $skinBase[] = $skin;
+$currentCookieParams = session_get_cookie_params();
+Debug('Setting cookie parameters to lifetime('.$currentCookieParams['lifetime'].') path('.$currentCookieParams['path'].') domain ('.$currentCookieParams['domain'].') secure('.$currentCookieParams['secure'].') httpOnly(1)');
+session_set_cookie_params(
+ $currentCookieParams["lifetime"],
+ $currentCookieParams["path"],
+ $currentCookieParams["domain"],
+ $currentCookieParams["secure"],
+ true
+);
+
 ini_set( "session.name", "ZMSESSID" );
 session_start();
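Review bot: The `secure` argument passed to `session_set_cookie_params()` is copied unchanged from `session_get_cookie_params()`, so unless php.ini already sets `session.cookie_secure` the ZMSESSID cookie is still sent over plain HTTP; HttpOnly only keeps page script from reading the cookie and does nothing against interception on the wire. Consider forcing the flag when the request itself arrived over TLS, e.g. `$secure = $currentCookieParams['secure'] || (!empty($_SERVER['HTTPS']) && $_SERVER['HTTPS'] !== 'off');`, and passing `$secure` as the fourth argument (a TLS-terminating proxy would need its own check). The Debug line concatenates the boolean directly, so a false value is logged as `secure()`; `(int)$currentCookieParams['secure']` would make the log unambiguous. This change covers only the session cookie, so any cookies written with `setcookie()` elsewhere (not visible in this hunk) would need the HttpOnly argument set separately.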