Révision 16789caa
Ajouté par Renato Botelho il y a presque 10 ans
| etc/inc/auth.inc | ||
|---|---|---|
| 1347 | 1347 |
global $config, $_SESSION, $page; |
| 1348 | 1348 |
|
| 1349 | 1349 |
// Handle HTTPS httponly and secure flags |
| 1350 |
if($config['system']['webgui']['protocol'] == "https") {
|
|
| 1351 |
$currentCookieParams = session_get_cookie_params(); |
|
| 1352 |
session_set_cookie_params( |
|
| 1353 |
$currentCookieParams["lifetime"], |
|
| 1354 |
$currentCookieParams["path"], |
|
| 1355 |
NULL, |
|
| 1356 |
true, |
|
| 1357 |
true |
|
| 1358 |
); |
|
| 1359 |
} |
|
| 1350 |
$currentCookieParams = session_get_cookie_params(); |
|
| 1351 |
session_set_cookie_params( |
|
| 1352 |
$currentCookieParams["lifetime"], |
|
| 1353 |
$currentCookieParams["path"], |
|
| 1354 |
NULL, |
|
| 1355 |
($config['system']['webgui']['protocol'] == "https"), |
|
| 1356 |
true |
|
| 1357 |
); |
|
| 1360 | 1358 |
|
| 1361 | 1359 |
if (!session_id()) |
| 1362 | 1360 |
session_start(); |
Formats disponibles : Unified diff
Always set httponly attribute on cookies