Add httponly flag to cookies.
This commit is contained in:
parent
fb1a0d6d25
commit
8b45cb4496
3 changed files with 8 additions and 6 deletions
|
@ -284,7 +284,7 @@ class CI_Input {
|
||||||
$expire = ($expire > 0) ? time() + $expire : 0;
|
$expire = ($expire > 0) ? time() + $expire : 0;
|
||||||
}
|
}
|
||||||
|
|
||||||
setcookie($prefix.$name, $value, $expire, $path, $domain, $secure);
|
setcookie($prefix.$name, $value, $expire, $path, $domain, $secure, true
|
||||||
}
|
}
|
||||||
|
|
||||||
// --------------------------------------------------------------------
|
// --------------------------------------------------------------------
|
||||||
|
|
|
@ -190,7 +190,7 @@ class CI_Security {
|
||||||
return FALSE;
|
return FALSE;
|
||||||
}
|
}
|
||||||
|
|
||||||
setcookie($this->_csrf_cookie_name, $this->_csrf_hash, $expire, config_item('cookie_path'), config_item('cookie_domain'), $secure_cookie);
|
setcookie($this->_csrf_cookie_name, $this->_csrf_hash, $expire, config_item('cookie_path'), config_item('cookie_domain'), $secure_cookie, true);
|
||||||
|
|
||||||
log_message('debug', "CRSF cookie Set");
|
log_message('debug', "CRSF cookie Set");
|
||||||
|
|
||||||
|
|
|
@ -429,7 +429,8 @@ class CI_Session {
|
||||||
($this->now - 31500000),
|
($this->now - 31500000),
|
||||||
$this->cookie_path,
|
$this->cookie_path,
|
||||||
$this->cookie_domain,
|
$this->cookie_domain,
|
||||||
0
|
0,
|
||||||
|
true
|
||||||
);
|
);
|
||||||
|
|
||||||
// Kill session data
|
// Kill session data
|
||||||
|
@ -685,7 +686,8 @@ class CI_Session {
|
||||||
$expire,
|
$expire,
|
||||||
$this->cookie_path,
|
$this->cookie_path,
|
||||||
$this->cookie_domain,
|
$this->cookie_domain,
|
||||||
$this->cookie_secure
|
$this->cookie_secure,
|
||||||
|
true
|
||||||
);
|
);
|
||||||
}
|
}
|
||||||
|
|
||||||
|
|
Loading…
Reference in a new issue