Make CakeSession use httponly by default.
Fixes #2955
markstory committed Jun 13, 2012
1 parent f467785 commit f625742
Showing 1 changed file with 3 additions and 0 deletions.
3 changes: 3 additions & 0 deletions lib/Cake/Model/Datasource/CakeSession.php
Expand Up @@ -475,6 +475,9 @@ protected static function _configureSession() {
if (!isset($sessionConfig['ini']['session.gc_maxlifetime'])) {
$sessionConfig['ini']['session.gc_maxlifetime'] = $sessionConfig['timeout'] * 60;
}
if (!isset($sessionConfig['ini']['session.cookie_httponly'])) {
$sessionConfig['ini']['session.cookie_httponly'] = 1;
}

if (empty($_SESSION)) {
if (!empty($sessionConfig['ini']) && is_array($sessionConfig['ini'])) {
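Review bot: The added `session.cookie_httponly` default carries no comment explaining its intent or the opt-out, and it is a behaviour change for any application whose client-side script reads the session cookie. I would add above the new `if`: `// Default to HttpOnly so page script cannot read the session cookie; an explicit value in $sessionConfig['ini'] (including 0) is kept.` Because the guard is `isset()`, an explicit `0` is preserved but a `null` entry would be overwritten with 1, which is worth stating in the session configuration docs as well. HttpOnly only limits disclosure of the cookie to script and does not cover transport, so the docblock should also point readers at `session.cookie_secure`; whether that is defaulted elsewhere in `_configureSession()` cannot be seen here, since the function starts and ends outside this hunk.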
