Flag session cookies with HttpOnly by default
Closes #215
jorgelzpz committed Jul 3, 2017
1 parent 87c5771 commit 6a5cc4c
Showing 3 changed files with 3 additions and 0 deletions.
1 change: 1 addition & 0 deletions CHANGELOG.md
Expand Up @@ -6,6 +6,7 @@

- Use npm to download dependencies instead of using bower
- Upgrade Symfony components to 2.8.22
- Session cookies are now marked with HttpOnly flag by default (#215)

## [2.2.0] - 2017-05-23

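Review bot: the entry on the `+` line describes the behaviour but does not name the setting. The other two files in this commit add `'cookie_httponly' => true` to the session storage options, and the Ansible template needed its own copy, so a deployment that defines that array in its own settings file presumably does not inherit the new default. Suggest naming the option in the entry, for example "Session cookies are now marked with the HttpOnly flag by default (`cookie_httponly` in `session.storage.options`) (#215)", so administrators upgrading know what to add.
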
1 change: 1 addition & 0 deletions ansible/agendav/settings.php.j2
Expand Up @@ -81,4 +81,5 @@ $app['session.storage.options'] = [
'gc_divisor' => 10,
'gc_maxlifetime' => 1200,
'lifetime' => 1200,
'cookie_httponly' => true,
];
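
Review bot: the added `'cookie_httponly' => true` line duplicates a default from web/config/prod.php, which is needed only because this template assigns the whole `$app['session.storage.options']` array. Any session default added to prod.php later will be missing from Ansible deployments again unless someone remembers this file. Consider merging the template's values over the defaults instead of replacing them, or at least add a comment here pointing at prod.php as the list to keep in sync.
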
1 change: 1 addition & 0 deletions web/config/prod.php
Expand Up @@ -22,6 +22,7 @@
// You should not change cookie_lifetime. Change 'gc_divisor', 'gc_maxlifetime' and other
// session related settings (http://php.net/session.configuration)
'cookie_lifetime' => 0,
'cookie_httponly' => true,
];

// Languages
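
Review bot: the new `'cookie_httponly' => true` line has no comment, while the comment directly above it only warns about `cookie_lifetime`. Add a line saying that this setting keeps the session cookie unreadable from JavaScript and should stay enabled. HttpOnly does not restrict the cookie to HTTPS, and `cookie_secure` does not appear in the visible lines of this array, so if it is not set elsewhere a follow-up for deployments served over TLS would be worth opening.
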