Révision fa73c7cd
Ajouté par Renato Botelho il y a presque 10 ans
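--- a/etc/inc/auth.inc
+++ b/etc/inc/auth.inc
@@ -1342,16 +1342,14 @@
 global $HTTP_SERVER_VARS, $config, $_SESSION, $page;
 
 // Handle HTTPS httponly and secure flags
-if($config['system']['webgui']['protocol'] == "https") {
-$currentCookieParams = session_get_cookie_params();
-session_set_cookie_params(
-$currentCookieParams["lifetime"],
-$currentCookieParams["path"],
-NULL,
-true,
-true
-);
-}
+$currentCookieParams = session_get_cookie_params();
+session_set_cookie_params(
+$currentCookieParams["lifetime"],
+$currentCookieParams["path"],
+NULL,
+($config['system']['webgui']['protocol'] == "https"),
+true
+);
 
 if (!session_id())
 session_start();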
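Review bot: The cookie parameters are now set unconditionally, but the `if (!session_id())` guard just below implies a session can already be active at this point, and in that case `session_set_cookie_params()` does not change the cookie that was already issued, so httponly would not be applied on that path. Consider moving the call inside the guard, immediately before `session_start();`, so the flags and the session start always go together. The secure flag follows `$config['system']['webgui']['protocol']` rather than the live request, so a GUI configured as http behind a TLS-terminating proxy would presumably issue the session cookie without Secure; worth confirming that is intended. The comment above the call could be updated to `// Always set httponly; set secure only when the GUI protocol is https`. The enclosing function starts and ends outside the hunk.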
Always set httponly attribute on cookies