set http_only flag in cookie settings
This commit is contained in:
parent
1c948d5f8d
commit
69c39f8a23
|
@ -112,6 +112,16 @@ if ( !file_exists( ZM_SKIN_PATH ) )
|
||||||
require_once( ZM_SKIN_PATH.'/includes/init.php' );
|
require_once( ZM_SKIN_PATH.'/includes/init.php' );
|
||||||
$skinBase[] = $skin;
|
$skinBase[] = $skin;
|
||||||
|
|
||||||
|
$currentCookieParams = session_get_cookie_params();
|
||||||
|
Debug('Setting cookie parameters to lifetime('.$currentCookieParams['lifetime'].') path('.$currentCookieParams['path'].') domain ('.$currentCookieParams['domain'].') secure('.$currentCookieParams['secure'].') httpOnly(1)');
|
||||||
|
session_set_cookie_params(
|
||||||
|
$currentCookieParams["lifetime"],
|
||||||
|
$currentCookieParams["path"],
|
||||||
|
$currentCookieParams["domain"],
|
||||||
|
$currentCookieParams["secure"],
|
||||||
|
true
|
||||||
|
);
|
||||||
|
|
||||||
ini_set( "session.name", "ZMSESSID" );
|
ini_set( "session.name", "ZMSESSID" );
|
||||||
|
|
||||||
session_start();
|
session_start();
|
||||||
|
|
Loading…
Reference in New Issue