Use secure and httponly session cookies

As discussed on the mailing list, enable "secure" and "httponly" for session cookies to prevent them from being transferred over insecure connections. Signed-off-by: Lukas Fleischer <archlinux@cryptocrack.de>
author: Lukas Fleischer <archlinux@cryptocrack.de> 2011-08-11 16:31:25 +0200
committer: Lukas Fleischer <archlinux@cryptocrack.de> 2011-08-12 00:09:24 +0200
commit: 00e4e0294f36f8e4a0c5926efdc16b31fcb4c788 (patch)
tree: 3ca217b603aee394fa328b5c81269d52bf24d6be /web/html/logout.php
parent: 1c9db1d1f14d5f83d8bd7dbbd535cf109680471f (diff)
download: aur-00e4e0294f36f8e4a0c5926efdc16b31fcb4c788.tar.gz
aur-00e4e0294f36f8e4a0c5926efdc16b31fcb4c788.tar.xz
1 files changed, 1 insertions, 1 deletions
diff --git a/web/html/logout.php b/web/html/logout.php
index dee6456a..1cdf453d 100644
--- a/web/html/logout.php
+++ b/web/html/logout.php
@@ -15,7 +15,7 @@ if (isset($_COOKIE["AURSID"])) {
 	$q.= mysql_real_escape_string($_COOKIE["AURSID"]) . "'";
 	db_query($q, $dbh);
 	# setting expiration to 1 means '1 second after midnight January 1, 1970'
-	setcookie("AURSID", "", 1, "/");
+	setcookie("AURSID", "", 1, "/", null, !empty($_SERVER['HTTPS']), true);
 	unset($_COOKIE['AURSID']);
 }
author	Lukas Fleischer <archlinux@cryptocrack.de>	2011-08-11 16:31:25 +0200
committer	Lukas Fleischer <archlinux@cryptocrack.de>	2011-08-12 00:09:24 +0200
commit	00e4e0294f36f8e4a0c5926efdc16b31fcb4c788 (patch)
tree	3ca217b603aee394fa328b5c81269d52bf24d6be /web/html/logout.php
parent	1c9db1d1f14d5f83d8bd7dbbd535cf109680471f (diff)
download	aur-00e4e0294f36f8e4a0c5926efdc16b31fcb4c788.tar.gz aur-00e4e0294f36f8e4a0c5926efdc16b31fcb4c788.tar.xz