Add httponly flag to cookies.

This commit is contained in:
Misha Tavkhelidze 2015-06-04 13:27:51 +04:00
parent fb1a0d6d25
commit e327358221
3 changed files with 8 additions and 6 deletions

View file

@ -284,7 +284,7 @@ class CI_Input {
$expire = ($expire > 0) ? time() + $expire : 0;
}
setcookie($prefix.$name, $value, $expire, $path, $domain, $secure);
setcookie($prefix.$name, $value, $expire, $path, $domain, $secure, true);
}
// --------------------------------------------------------------------

View file

@ -190,7 +190,7 @@ class CI_Security {
return FALSE;
}
setcookie($this->_csrf_cookie_name, $this->_csrf_hash, $expire, config_item('cookie_path'), config_item('cookie_domain'), $secure_cookie);
setcookie($this->_csrf_cookie_name, $this->_csrf_hash, $expire, config_item('cookie_path'), config_item('cookie_domain'), $secure_cookie, true);
log_message('debug', "CRSF cookie Set");

View file

@ -429,7 +429,8 @@ class CI_Session {
($this->now - 31500000),
$this->cookie_path,
$this->cookie_domain,
0
0,
true
);
// Kill session data
@ -685,7 +686,8 @@ class CI_Session {
$expire,
$this->cookie_path,
$this->cookie_domain,
$this->cookie_secure
$this->cookie_secure,
true
);
}