Use secure and httponly session cookies

As discussed on the mailing list, enable "secure" and "httponly" for
session cookies to prevent them from being transferred over insecure
connections.

Signed-off-by: Lukas Fleischer <archlinux@cryptocrack.de>
Lukas Fleischer 2011-08-11 16:31:25 +02:00
parent 1c9db1d1f1
commit 00e4e0294f
3 changed files with 4 additions and 4 deletions

@ -658,7 +658,7 @@ function try_login() {
else
$cookie_time = 0;
setcookie("AURSID", $new_sid, $cookie_time, "/");
setcookie("AURSID", $new_sid, $cookie_time, "/", null, !empty($_SERVER['HTTPS']), true);
header("Location: " . $_SERVER['PHP_SELF'].'?'.$_SERVER['QUERY_STRING']);
$login_error = "";
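Review bot: The secure argument in the new setcookie() call is `!empty($_SERVER['HTTPS'])`, so the Secure flag follows the scheme of the login request instead of being enforced. A login made over plain HTTP still produces a cookie without Secure, and behind a TLS-terminating proxy `$_SERVER['HTTPS']` is typically unset, so the flag is dropped without any warning. In the other direction, the PHP manual notes that IIS with ISAPI sets this value to "off" for non-HTTPS requests, which `!empty()` evaluates as true. Suggest at least checking for a value other than 'off', and preferably deriving the flag from a site setting that requires HTTPS for login. The commit message should also say that the flag is conditional, since it currently reads as if the session cookie can never travel over an insecure connection. As the commit touches 3 files, wrapping these seven arguments in one helper would keep the cookie attributes identical at every call site.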