Commit 3926b3b7 by Maiyannah Bishop

Merge branch 'secure_cookies' into 'nightly'

Enable HttpOnly on all cookies and encrypt where required

See merge request !47
2 parents 1638c464 86571982
......@@ -300,6 +300,7 @@ function common_ensure_session()
if (isset($id)) {
session_id($id);
}
session_set_cookie_params(0, '/', '', postActiv::useHTTPS(), true);
@session_start();
if (!isset($_SESSION['started'])) {
$_SESSION['started'] = time();
......@@ -367,7 +368,8 @@ function common_set_cookie($key, $value, $expiration=0)
$expiration,
$cookiepath,
$server,
postActiv::useHTTPS());
postActiv::useHTTPS(),
true);
}
define('REMEMBERME', 'rememberme');
......@@ -2643,4 +2645,4 @@ function _ve($var)
{
return var_export($var, true);
}
?>
\ No newline at end of file
?>
Markdown is supported
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!