authorWarren Baker <warren@decoy.co.za>2012-05-09 19:08:17 +0200
committerWarren Baker <warren@decoy.co.za>2012-05-09 19:51:59 +0200
commitddb71e4cd16c7e0e3188202161003e2fd542f604 (patch)
treecdf33e96a1ff2f2baf8e2d90df0e44a72367099f /etc
parent30274157b2361f0fac14f0eaa86ae08dc02678a7 (diff)
Handle HTTPOnly and Secure flags on cookies
Diffstat (limited to 'etc')
-rw-r--r--etc/inc/auth.inc12
1 files changed, 12 insertions, 0 deletions
diff --git a/etc/inc/auth.inc b/etc/inc/auth.inc
index a002758..26f0497 100644
--- a/etc/inc/auth.inc
+++ b/etc/inc/auth.inc
@@ -1260,6 +1260,18 @@ function authenticate_user($username, $password, $authcfg = NULL) {
function session_auth() {
global $HTTP_SERVER_VARS, $config, $_SESSION, $page;
+ // Handle HTTPS httponly and secure flags
+ if($config['system']['webgui']['protocol'] == "https") {
+ $currentCookieParams = session_get_cookie_params();
+ session_set_cookie_params(
+ $currentCookieParams["lifetime"],
+ $currentCookieParams["path"],
+ NULL,
+ true,
+ true
+ );
+ }
+
if (!session_id())
session_start();
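Review bot: The HttpOnly flag is set only inside the `protocol == "https"` branch, so a web GUI configured for plain HTTP keeps a session cookie that page script can read. HttpOnly does not depend on TLS, so only the Secure flag needs the condition. One way is to compute `$secure = ($config['system']['webgui']['protocol'] == "https");` and call `session_set_cookie_params($currentCookieParams["lifetime"], $currentCookieParams["path"], NULL, $secure, true);` unconditionally. The call also passes `NULL` for the domain instead of `$currentCookieParams["domain"]`, which appears to drop any configured cookie domain and deserves a short comment if that is intended. The body of session_auth() continues past the end of this hunk.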