set http_only flag in cookie settings

This commit is contained in:
Isaac Connor 2016-12-14 14:39:44 -05:00
parent 1c948d5f8d
commit 69c39f8a23
1 changed files with 10 additions and 0 deletions

View File

@ -112,6 +112,16 @@ if ( !file_exists( ZM_SKIN_PATH ) )
require_once( ZM_SKIN_PATH.'/includes/init.php' ); require_once( ZM_SKIN_PATH.'/includes/init.php' );
$skinBase[] = $skin; $skinBase[] = $skin;
$currentCookieParams = session_get_cookie_params();
Debug('Setting cookie parameters to lifetime('.$currentCookieParams['lifetime'].') path('.$currentCookieParams['path'].') domain ('.$currentCookieParams['domain'].') secure('.$currentCookieParams['secure'].') httpOnly(1)');
session_set_cookie_params(
$currentCookieParams["lifetime"],
$currentCookieParams["path"],
$currentCookieParams["domain"],
$currentCookieParams["secure"],
true
);
ini_set( "session.name", "ZMSESSID" ); ini_set( "session.name", "ZMSESSID" );
session_start(); session_start();