author | Warren Baker <warren@decoy.co.za> | 2012-05-09 19:08:17 +0200 |
---|---|---|
committer | Warren Baker <warren@decoy.co.za> | 2012-05-09 19:08:17 +0200 |
commit | 49ddf9a10ff3379162d437622f664cfe924b4552 (patch) | |
tree | 15584ad626df5773132ef44931d9929bbff77236 /etc | |
parent | 23b1fc49ec450bf6e9e4ef8b0ed72786655ed237 (diff) | |
Handle HTTPOnly and Secure flags on cookies
Diffstat (limited to 'etc')
-rw-r--r-- | etc/inc/auth.inc | 12 |
1 files changed, 12 insertions, 0 deletions
diff --git a/etc/inc/auth.inc b/etc/inc/auth.inc
index 5464ecc..2f66f0a 100644
--- a/etc/inc/auth.inc
+++ b/etc/inc/auth.inc
@@ -1288,6 +1288,18 @@ function authenticate_user($username, $password, $authcfg = NULL) {
 function session_auth() {
 global $HTTP_SERVER_VARS, $config, $_SESSION, $page;
+ // Handle HTTPS httponly and secure flags
+ if($config['system']['webgui']['protocol'] == "https") {
+ $currentCookieParams = session_get_cookie_params();
+ session_set_cookie_params(
+ $currentCookieParams["lifetime"],
+ $currentCookieParams["path"],
+ NULL,
+ true,
+ true
+ );
+ }
+
 if (!session_id())
 session_start(); |
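Review bot: HttpOnly is applied only inside the `if($config['system']['webgui']['protocol'] == "https")` branch, so a web GUI served over plain HTTP still issues a session cookie that page scripts can read. HttpOnly does not depend on the transport; I would call `session_set_cookie_params()` unconditionally and pass the protocol test as the secure argument, `($config['system']['webgui']['protocol'] == "https"),`, keeping the final `true` for httponly. The call also only affects a session that has not started yet, so when `session_id()` is already set on entry (the guard just below allows for that) neither flag reaches the cookie; a comment such as `// must run before session_start(); no effect on an already-open session` would make that ordering explicit. session_auth() continues past the end of the hunk.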