Skip to content

Commit

Permalink
Fixed insecure session cookie initialization (#1656)
Browse files Browse the repository at this point in the history
  • Loading branch information
@newbthenewbd @rhukster
newbthenewbd authored and rhukster committed Sep 28, 2017
1 parent a4ab5d9 commit a861d57
Showing 1 changed file with 2 additions and 0 deletions.
2 changes: 2 additions & 0 deletions system/src/Grav/Common/Session.php
View file
Original file line number Diff line number Diff line change
Expand Up @@ -83,6 +83,8 @@ public function init()
$session_name .= '-admin';
}
$this->setName($session_name);
ini_set('session.cookie_secure', $secure);
ini_set('session.cookie_httponly', $httponly);
$this->start();
setcookie(session_name(), session_id(), $session_timeout ? time() + $session_timeout : 0, $session_path, $domain, $secure, $httponly);
}
Expand Down

0 comments on commit a861d57

Please sign in to comment.