author | reed%reedloden.com <> | 2008-08-23 06:38:55 +0200 |
---|---|---|
committer | reed%reedloden.com <> | 2008-08-23 06:38:55 +0200 |
commit | d8b02aff4ed586f38a56caaafcb0374edc16d519 (patch) | |
tree | a605c395912f4ee79e299a7701fb62ffce82cca6 /Bugzilla/Auth | |
parent | d68db405497ae121a123843ff478c8c703523094 (diff) | |
Bug 368502 - "Bugzilla_logincookie should not be accessible via javascript" [p=reed r+a=mkanat]
Diffstat (limited to 'Bugzilla/Auth')
-rw-r--r-- | Bugzilla/Auth/Persist/Cookie.pm | 9 |
1 files changed, 6 insertions, 3 deletions
diff --git a/Bugzilla/Auth/Persist/Cookie.pm b/Bugzilla/Auth/Persist/Cookie.pm index 3faa892ae..4928068e5 100644 --- a/Bugzilla/Auth/Persist/Cookie.pm +++ b/Bugzilla/Auth/Persist/Cookie.pm @@ -76,17 +76,20 @@ sub persist_login { { $cgi->send_cookie(-name => 'Bugzilla_login', -value => $user->id, + -httponly => 1, -expires => 'Fri, 01-Jan-2038 00:00:00 GMT'); $cgi->send_cookie(-name => 'Bugzilla_logincookie', -value => $login_cookie, + -httponly => 1, -expires => 'Fri, 01-Jan-2038 00:00:00 GMT'); - } else { $cgi->send_cookie(-name => 'Bugzilla_login', - -value => $user->id); + -value => $user->id, + -httponly => 1); $cgi->send_cookie(-name => 'Bugzilla_logincookie', - -value => $login_cookie); + -value => $login_cookie, + -httponly => 1); } } |
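Review bot: `-httponly => 1` is repeated at each of the four `send_cookie` calls, so the protection depends on every call site remembering it; making it the default inside `send_cookie`, with an explicit opt-out for cookies that page script must read, would be harder to get wrong (that method, and the start of `persist_login`, are outside this hunk). Whether the attribute reaches the `Set-Cookie` header depends on the CGI.pm cookie code that `send_cookie` presumably hands it to; an older release may ignore an option it does not know without any error, so a test that inspects the emitted header is worth adding. HttpOnly keeps the login token out of `document.cookie` but does not stop injected script from issuing authenticated requests, so it complements output escaping rather than replacing it. A short comment above the first call, e.g. `# HttpOnly: keep the login token unreadable from page script (bug 368502)`, would record the intent.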