diff options
| author | Renato Botelho <garga@FreeBSD.org> | 2014-06-18 07:38:12 -0300 |
|---|---|---|
| committer | Renato Botelho <garga@FreeBSD.org> | 2014-06-18 07:38:24 -0300 |
| commit | 16789caa901f2415da67b10ba6da9eb19e870de8 (patch) | |
| tree | 1aa54b0f1fb88a56bbda9bafa90461155d086014 /etc/inc | |
| parent | 56bd203593d451dd4d42370fe79ac1e3594fb17e (diff) | |
| download | pfsense-16789caa901f2415da67b10ba6da9eb19e870de8.zip pfsense-16789caa901f2415da67b10ba6da9eb19e870de8.tar.gz | |
Always set httponly attribute on cookies
Diffstat (limited to 'etc/inc')
| -rw-r--r-- | etc/inc/auth.inc | 18 |
1 files changed, 8 insertions, 10 deletions
diff --git a/etc/inc/auth.inc b/etc/inc/auth.inc index 9cc77ce..80471fe 100644 --- a/etc/inc/auth.inc +++ b/etc/inc/auth.inc @@ -1347,16 +1347,14 @@ function session_auth() { global $config, $_SESSION, $page; // Handle HTTPS httponly and secure flags - if($config['system']['webgui']['protocol'] == "https") { - $currentCookieParams = session_get_cookie_params(); - session_set_cookie_params( - $currentCookieParams["lifetime"], - $currentCookieParams["path"], - NULL, - true, - true - ); - } + $currentCookieParams = session_get_cookie_params(); + session_set_cookie_params( + $currentCookieParams["lifetime"], + $currentCookieParams["path"], + NULL, + ($config['system']['webgui']['protocol'] == "https"), + true + ); if (!session_id()) session_start(); |
