Unverified Commit 3be51d3e by Scott Committed by GitHub

Merge pull request #830 from gturri/dev

Increase security by setting the httpOnly flag to session cookie
parents 1af307eb da1891b1
...@@ -157,6 +157,7 @@ if (QA_FINAL_EXTERNAL_USERS) { ...@@ -157,6 +157,7 @@ if (QA_FINAL_EXTERNAL_USERS) {
@ini_set('session.gc_maxlifetime', 86400); // worth a try, but won't help in shared hosting environment @ini_set('session.gc_maxlifetime', 86400); // worth a try, but won't help in shared hosting environment
@ini_set('session.use_trans_sid', false); // sessions need cookies to work, since we redirect after login @ini_set('session.use_trans_sid', false); // sessions need cookies to work, since we redirect after login
@ini_set('session.cookie_domain', QA_COOKIE_DOMAIN); @ini_set('session.cookie_domain', QA_COOKIE_DOMAIN);
@ini_set('session.cookie_httponly', true);
if (!isset($_SESSION)) if (!isset($_SESSION))
session_start(); session_start();
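Review bot: The added `@ini_set('session.cookie_httponly', true);` fails open, because the `@` hides a `false` return. On a host where `ini_set` is disabled, or when a session was already started before this point (the `if (!isset($_SESSION))` guard below allows for that), the cookie is presumably issued without HttpOnly and nothing records it. Consider checking the result and logging the failure, e.g. `if (ini_set('session.cookie_httponly', '1') === false) error_log('session.cookie_httponly could not be set');`. HttpOnly only stops scripts from reading the cookie, and the visible lines do not set `session.cookie_secure`, so on an HTTPS site the session id could still travel over plain HTTP; setting that flag when the request is served over HTTPS would close the gap. The enclosing block starts and ends outside the hunk, so these settings may already be handled elsewhere.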
......