Improve security of PHP session variable by setting HttpOnly flag. Fixes #129.
parent
855079b438
commit
d17925a662
|
@ -32,6 +32,7 @@
|
|||
- Improved the search engine indexing algorithm. It now shouldn't choke on certain special characters (`[]{}|`) and will treat them as word boundaries.
|
||||
- Fixed tag links at the bottom of pages for tags with a single quote (`'`) in them.
|
||||
- Correct error message when attempting to move a page
|
||||
- Improved security of PHP session cookie by setting HttpOnly flag.
|
||||
|
||||
## v0.12.1
|
||||
|
||||
|
|
|
@ -357,7 +357,7 @@ $paths->upload_file_prefix = "Files/"; // The prefix to add to uploaded files
|
|||
|
||||
session_start();
|
||||
// Make sure that the login cookie lasts beyond the end of the user's session
|
||||
setcookie(session_name(), session_id(), time() + $settings->sessionlifetime);
|
||||
setcookie(session_name(), session_id(), time() + $settings->sessionlifetime, "", "", false, true);
|
||||
///////// Login System /////////
|
||||
// Clear expired sessions
|
||||
if(isset($_SESSION[$settings->sessionprefix . "-expiretime"]) and
|
||||
|
|
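Review bot: The new `setcookie()` call hard-codes the sixth argument (`secure`) to `false`, so the session cookie gains HttpOnly but is still sent over plain HTTP; the identical line in the core.php section below has the same gap. Consider deriving the flag from the request, e.g. `$secure = !empty($_SERVER["HTTPS"]) && $_SERVER["HTTPS"] !== "off";`, and passing `$secure` in place of `false`. Because `session_start()` runs before this line, any cookie header it emits itself does not get the flag from this call. Whether `session.cookie_httponly` is enabled in the PHP configuration is not visible here, so calling `session_set_cookie_params()` before `session_start()` would cover that header as well. The script continues past the end of this hunk, where the `if(isset(...` statement is cut off.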
2
core.php
2
core.php
|
@ -39,7 +39,7 @@ $paths->upload_file_prefix = "Files/"; // The prefix to add to uploaded files
|
|||
|
||||
session_start();
|
||||
// Make sure that the login cookie lasts beyond the end of the user's session
|
||||
setcookie(session_name(), session_id(), time() + $settings->sessionlifetime);
|
||||
setcookie(session_name(), session_id(), time() + $settings->sessionlifetime, "", "", false, true);
|
||||
///////// Login System /////////
|
||||
// Clear expired sessions
|
||||
if(isset($_SESSION[$settings->sessionprefix . "-expiretime"]) and
|
||||
|
|