diff options
| author | Renato Botelho <garga@FreeBSD.org> | 2014-06-18 07:38:12 -0300 |
|---|---|---|
| committer | Renato Botelho <garga@FreeBSD.org> | 2014-06-18 07:38:12 -0300 |
| commit | fa73c7cd8bccadca9970d03f534d4546b06d3adf (patch) | |
| tree | c33f856a0b1a516d4ec290d1d564e3adf265d6fa | |
| parent | ce9d5d7255919b47abf28314dbe6eaa2769a92e4 (diff) | |
| download | pfsense-fa73c7cd8bccadca9970d03f534d4546b06d3adf.zip pfsense-fa73c7cd8bccadca9970d03f534d4546b06d3adf.tar.gz | |
Always set httponly attribute on cookies
| -rw-r--r-- | etc/inc/auth.inc | 18 |
1 files changed, 8 insertions, 10 deletions
diff --git a/etc/inc/auth.inc b/etc/inc/auth.inc index b0051dd..a63ce45 100644 --- a/etc/inc/auth.inc +++ b/etc/inc/auth.inc @@ -1342,16 +1342,14 @@ function session_auth() { global $HTTP_SERVER_VARS, $config, $_SESSION, $page; // Handle HTTPS httponly and secure flags - if($config['system']['webgui']['protocol'] == "https") { - $currentCookieParams = session_get_cookie_params(); - session_set_cookie_params( - $currentCookieParams["lifetime"], - $currentCookieParams["path"], - NULL, - true, - true - ); - } + $currentCookieParams = session_get_cookie_params(); + session_set_cookie_params( + $currentCookieParams["lifetime"], + $currentCookieParams["path"], + NULL, + ($config['system']['webgui']['protocol'] == "https"), + true + ); if (!session_id()) session_start(); |
