Fixed httponly

C3realGuy · Jul 27, 2015 · 71a0663 · 71a0663
1 parent 529c041
commit 71a0663
Show file tree

Hide file tree

Showing 3 changed files with 3 additions and 2 deletions.
diff --git a/core/app/Class-System.php b/core/app/Class-System.php
@@ -265,7 +265,7 @@ protected static function init_user()
 			{
 				loadSource('Subs-Auth');
 				$cookie_url = url_parts(!empty($settings['localCookies']), !empty($settings['globalCookies']));
-				setcookie('guest_skin', '', time() - 3600, $cookie_url[1], $cookie_url[0], 0);
+				setcookie('guest_skin', '', time() - 3600, $cookie_url[1], $cookie_url[0], 0, true);
 			}
 		}
 

diff --git a/core/app/Load.php b/core/app/Load.php
@@ -2220,6 +2220,7 @@ function loadSession()
 	ini_set('url_rewriter.tags', '');
 	ini_set('session.use_trans_sid', false);
 	ini_set('arg_separator.output', '&amp;');
+	ini_set('session.cookie_httponly', 1);
 
 	if (!empty($settings['globalCookies']))
 	{

diff --git a/core/app/Themes.php b/core/app/Themes.php
@@ -278,7 +278,7 @@ function PickTheme()
 		{
 			loadSource('Subs-Auth');
 			$cookie_url = url_parts(!empty($settings['localCookies']), !empty($settings['globalCookies']));
-			setcookie('guest_skin', $skin, $skin ? time() + 3600 * 24 * 365 : time() - 3600, $cookie_url[1], $cookie_url[0], 0);
+			setcookie('guest_skin', $skin, $skin ? time() + 3600 * 24 * 365 : time() - 3600, $cookie_url[1], $cookie_url[0], 0, true);
 			redirectexit(isset($_SERVER['HTTP_REFERER']) ? $_SERVER['HTTP_REFERER'] : 'action=skin');
 		}