diff options
author | Lukas Fleischer <archlinux@cryptocrack.de> | 2011-08-11 16:31:25 +0200 |
---|---|---|
committer | Lukas Fleischer <archlinux@cryptocrack.de> | 2011-08-12 00:09:24 +0200 |
commit | 00e4e0294f36f8e4a0c5926efdc16b31fcb4c788 (patch) | |
tree | 3ca217b603aee394fa328b5c81269d52bf24d6be /web/lib/acctfuncs.inc.php | |
parent | 1c9db1d1f14d5f83d8bd7dbbd535cf109680471f (diff) | |
download | aur-00e4e0294f36f8e4a0c5926efdc16b31fcb4c788.tar.gz aur-00e4e0294f36f8e4a0c5926efdc16b31fcb4c788.tar.xz |
Use secure and httponly session cookies
As discussed on the mailing list, enable "secure" and "httponly" for
session cookies to prevent them from being transferred over insecure
connections.
Signed-off-by: Lukas Fleischer <archlinux@cryptocrack.de>
Diffstat (limited to 'web/lib/acctfuncs.inc.php')
-rw-r--r-- | web/lib/acctfuncs.inc.php | 2 |
1 files changed, 1 insertions, 1 deletions
diff --git a/web/lib/acctfuncs.inc.php b/web/lib/acctfuncs.inc.php index b2f0548e..97fb69b9 100644 --- a/web/lib/acctfuncs.inc.php +++ b/web/lib/acctfuncs.inc.php @@ -658,7 +658,7 @@ function try_login() { else $cookie_time = 0; - setcookie("AURSID", $new_sid, $cookie_time, "/"); + setcookie("AURSID", $new_sid, $cookie_time, "/", null, !empty($_SERVER['HTTPS']), true); header("Location: " . $_SERVER['PHP_SELF'].'?'.$_SERVER['QUERY_STRING']); $login_error = ""; |