Add a warning about the cookie configuration

[mikeSimonson]

DO NOT DELETE THIS TEXT

Please note

Please read this information carefully. You can run ./scripts/pre-commit.php to check your code before submitting.

• Have you followed our code guidelines?

Testers

If you would like to test this pull request then please run: ./scripts/github-apply <pr_id>, i.e ./scripts/github-apply 5926

---

This change is 

[CLAassistant]

Thank you for your submission, we really appreciate it. Like many open source projects, we ask that you sign our Contributor License Agreement before we can accept your contribution.
_{You have signed the CLA already but the status is still pending? Let us recheck it.}

[scrutinizer-notifier]

The inspection completed: No new issues

[laf]

What's the reason for this? We actually setting as part of the authentication cookies. It's not used in install.php though.

[mikeSimonson]

If the httponly setting is set to on in the php configuration the ajax request made in the step of the install where the database is updated brakes.

[murrant]

@mikeSimonson Interesting, could setting that explicitly in install.php fix the issue too? or maybe stop passing the variables from php to javascript.

[laf]

@mikeSimonson Any comment?

[mikeSimonson]

@murrant Maybe it could, I am not really sure that you can taught.

[laf]

@mikeSimonson We set it in https://github.com/librenms/librenms/blob/master/html/includes/authenticate.inc.php#L7 already so seems possible to toggle it on / off in php. Not sure if that overwrites what the user sets in php.ini but it's worth a test.

[laf]

@mikeSimonson bump

[laf]

@mikeSimonson Feel free to comment on this still and we can re-open.

[lock]

This thread has been automatically locked since there has not been any recent activity after it was closed.