From a861d57763454f756b6214e3a07fc07221e8db0b Mon Sep 17 00:00:00 2001
From: Newb I the Newbd
Date: Fri, 29 Sep 2017 01:57:14 +0200
Subject: [PATCH] Fixed insecure session cookie initialization (#1656)
---
 system/src/Grav/Common/Session.php | 2 ++
 1 file changed, 2 insertions(+)
diff --git a/system/src/Grav/Common/Session.php b/system/src/Grav/Common/Session.php
index 67aaab5aea..7186768436 100644
--- a/system/src/Grav/Common/Session.php
+++ b/system/src/Grav/Common/Session.php
@@ -83,6 +83,8 @@ public function init()
 $session_name .= '-admin';
 }
 $this->setName($session_name);
+ ini_set('session.cookie_secure', $secure);
+ ini_set('session.cookie_httponly', $httponly);
 $this->start();
 setcookie(session_name(), session_id(), $session_timeout ? time() + $session_timeout : 0, $session_path, $domain, $secure, $httponly);
 }
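Review bot: The two added `ini_set()` calls ignore their return value, so if either fails (PHP returns `false`, for example when a session is already active at this point) `$this->start()` can still emit the session cookie without the Secure/HttpOnly flags and nothing records it. Consider checking the result and logging or aborting, e.g. `if (ini_set('session.cookie_secure', $secure ? '1' : '0') === false) { /* log or throw */ }`, and the same for `session.cookie_httponly`. Passing an explicit string also avoids relying on bool-to-string coercion of `$secure` and `$httponly`, whose types are set outside this hunk. `init()` starts above the hunk, so whether cookie parameters are already configured earlier (for instance via `session_set_cookie_params()`) cannot be confirmed from here.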