Commit 86571982 by Sina Mashek

Enable HttpOnly on all cookies and encrypt where required

1 parent 1638c464
......@@ -300,6 +300,7 @@ function common_ensure_session()
if (isset($id)) {
session_id($id);
}
session_set_cookie_params(0, '/', '', postActiv::useHTTPS(), true);
@session_start();
if (!isset($_SESSION['started'])) {
$_SESSION['started'] = time();
......@@ -367,7 +368,8 @@ function common_set_cookie($key, $value, $expiration=0)
$expiration,
$cookiepath,
$server,
postActiv::useHTTPS());
postActiv::useHTTPS(),
true);
}
define('REMEMBERME', 'rememberme');
......@@ -2643,4 +2645,4 @@ function _ve($var)
{
return var_export($var, true);
}
?>
\ No newline at end of file
?>
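Review bot: In common_ensure_session() the `session_set_cookie_params(0, '/', '', postActiv::useHTTPS(), true);` line (apparently the one added line of the first hunk, since the +/- markers are lost in this rendering) hard-codes the cookie path to `'/'`. The call patched in common_set_cookie() passes `$cookiepath` and `$server` instead, so on an install below the web root the session cookie is sent to every path on the host while the other cookies are not. I would compute the path the same way common_set_cookie() does (that code is outside the hunk) and pass it here, e.g. `session_set_cookie_params(0, $cookiepath, '', postActiv::useHTTPS(), true);`. On both calls the Secure flag follows postActiv::useHTTPS(), so when that returns false the cookies still travel unencrypted and HttpOnly is the only protection added; a short comment at each call saying so would stop the commit title being read as a guarantee. Neither call sets SameSite, which on PHP 7.3+ is available through the options-array form of session_set_cookie_params() and setcookie(); both function bodies continue outside the hunks.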