ENHANCEMENT Session::start() forces PHPSESSID cookies to be httpOnly (no access by JS) to improve clientside security
git-svn-id: svn://svn.silverstripe.com/silverstripe/open/modules/sapphire/trunk@114567 467b73ca-7a2a-4603-9d3b-597d59a354a9
This commit is contained in:
parent
ead9dce351
commit
562eeee790
@ -414,9 +414,9 @@ class Session {
|
|||||||
|
|
||||||
if(!session_id() && !headers_sent()) {
|
if(!session_id() && !headers_sent()) {
|
||||||
if($domain) {
|
if($domain) {
|
||||||
session_set_cookie_params(self::$timeout, $path, $domain);
|
session_set_cookie_params(self::$timeout, $path, $domain, false /* secure */, true /* httponly */);
|
||||||
} else {
|
} else {
|
||||||
session_set_cookie_params(self::$timeout, $path);
|
session_set_cookie_params(self::$timeout, $path, null, false /* secure */, true /* httponly */);
|
||||||
}
|
}
|
||||||
|
|
||||||
// @ is to supress win32 warnings/notices when session wasn't cleaned up properly
|
// @ is to supress win32 warnings/notices when session wasn't cleaned up properly
|
||||||
|
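Review bot: The Secure flag is hard-coded to `false` in both new `session_set_cookie_params()` calls (the `$domain` branch and the `else` branch), so the PHPSESSID cookie is still sent over plaintext HTTP even when the site is served over HTTPS; the httponly change protects against script access but not against the cookie leaking on a downgraded request. Computing the flag once from the request scheme before the `if($domain)` and passing it to both calls keeps the enhancement from being half-applied: `$secure = (isset($_SERVER['HTTPS']) && strtolower($_SERVER['HTTPS']) != 'off');` then `session_set_cookie_params(self::$timeout, $path, $domain, $secure, true /* httponly */);` and the same with `null` for the domain in the `else` branch. A short comment above the branch, `// Secure follows the request scheme; httponly is always on so the session id is not readable from JavaScript`, would document the intent better than the inline `/* secure */` markers. The enclosing method (start(), per the commit message) begins and ends outside this hunk, so whether a request-scheme helper is already available in scope cannot be confirmed from here.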