
issue: Httponly Cookies

This addresses issue 4015 where osTicket’s cookies aren’t HttpOnly by
default. The HttpOnly flag helps prevent client scripts accessing the
cookie. This updates the method that sets the cookie params to include
the HttpOnly flag.
JediKev committed Oct 19, 2017
1 parent acac370 commit 5b2dfce98ac05a68543b7603f3d46afafc09086d
Showing with 1 addition and 1 deletion.
  1. +1 −1 include/class.ostsession.php
@@ -53,7 +53,7 @@ function __construct($ttl=0){
list($domain) = explode(':', $_SERVER['HTTP_HOST']);
session_set_cookie_params($ttl, ROOT_PATH, $domain,
osTicket::is_https());
osTicket::is_https(), true);
if (!defined('SESSION_BACKEND'))
define('SESSION_BACKEND', 'db');
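
Review bot: the cookie domain passed to `session_set_cookie_params()` comes from `$_SERVER['HTTP_HOST']` on the first context line, which is a client-supplied header, so the scope of the cookie that now carries HttpOnly still depends on request input. Consider comparing the host against the configured helpdesk hostname before using it as the domain, and note that `explode(':', ...)` truncates a bracketed IPv6 host such as `[::1]:8080` to `[`. Separately, the new fifth argument is a bare positional `true`; a short inline comment naming it as the httponly flag would make the call easier to audit next to the `osTicket::is_https()` secure flag.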
