author | Warren Baker <warren@decoy.co.za> | 2012-05-09 19:08:17 +0200 |
---|---|---|
committer | Warren Baker <warren@decoy.co.za> | 2012-05-09 19:51:59 +0200 |
commit | ddb71e4cd16c7e0e3188202161003e2fd542f604 (patch) | |
tree | cdf33e96a1ff2f2baf8e2d90df0e44a72367099f | |
parent | 30274157b2361f0fac14f0eaa86ae08dc02678a7 (diff) | |
Handle HTTPOnly and Secure flags on cookies
-rw-r--r-- | etc/inc/auth.inc | 12 |
1 files changed, 12 insertions, 0 deletions
diff --git a/etc/inc/auth.inc b/etc/inc/auth.inc index a002758..26f0497 100644 --- a/etc/inc/auth.inc +++ b/etc/inc/auth.inc @@ -1260,6 +1260,18 @@ function authenticate_user($username, $password, $authcfg = NULL) { function session_auth() { global $HTTP_SERVER_VARS, $config, $_SESSION, $page; + // Handle HTTPS httponly and secure flags + if($config['system']['webgui']['protocol'] == "https") { + $currentCookieParams = session_get_cookie_params(); + session_set_cookie_params( + $currentCookieParams["lifetime"], + $currentCookieParams["path"], + NULL, + true, + true + ); + } + if (!session_id()) session_start(); |
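Review bot: HttpOnly is applied only inside the `protocol == "https"` branch, so a web GUI configured for plain HTTP still issues a session cookie that page scripts can read; HttpOnly does not depend on the transport, and only the Secure flag needs the protocol test. I would drop the `if` and pass the test as the fourth argument: `$secure = ($config['system']['webgui']['protocol'] == "https");` followed by `session_set_cookie_params($currentCookieParams["lifetime"], $currentCookieParams["path"], NULL, $secure, true);`. The call also sits above the `if (!session_id())` guard, so on a request where a session is already active it presumably cannot change the cookie that was already issued; moving it inside that guard, just before `session_start()`, would make the intent explicit. The body of session_auth() continues past the end of the hunk.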