authorGDmac <grdalenoort@gmail.com>2012-10-16 14:19:57 +0200
committerGDmac <grdalenoort@gmail.com>2012-10-16 14:27:54 +0200
commit19cd88799f27bef8d502250c86eddcd72789bdb3 (patch)
tree873ff639a9c9d7d86620c56f4afff57cc3c3d08f
parent2220fbe70503dd6d7ff9b2a57b84685955e815ab (diff)
Session Native, respect cookie settings
Respect config settings for cookie_secure and cookie_httponly Signed-off-by: GDmac <grdalenoort@gmail.com>
-rwxr-xr-xsystem/libraries/Session/drivers/Session_native.php24
1 files changed, 21 insertions, 3 deletions
diff --git a/system/libraries/Session/drivers/Session_native.php b/system/libraries/Session/drivers/Session_native.php
index 6529d4c36..d7b9e8410 100755
--- a/system/libraries/Session/drivers/Session_native.php
+++ b/system/libraries/Session/drivers/Session_native.php
@@ -55,7 +55,9 @@ class CI_Session_native extends CI_Session_driver {
'sess_time_to_update',
'cookie_prefix',
'cookie_path',
- 'cookie_domain'
+ 'cookie_domain',
+ 'cookie_secure',
+ 'cookie_httponly'
);
foreach ($prefs as $key)
@@ -82,6 +84,9 @@ class CI_Session_native extends CI_Session_driver {
$expire = 7200;
$path = '/';
$domain = '';
+ $secure = FALSE;
+ $http_only = FALSE;
+
if ($config['sess_expiration'] !== FALSE)
{
// Default to 2 years if expiration is "0"
@@ -99,7 +104,20 @@ class CI_Session_native extends CI_Session_driver {
// Use specified domain
$domain = $config['cookie_domain'];
}
- session_set_cookie_params($config['sess_expire_on_close'] ? 0 : $expire, $path, $domain);
+
+ if ($config['cookie_secure'])
+ {
+ // Send over SSL / HTTPS only?
+ $secure = $config['cookie_secure'];
+ }
+
+ if ($config['cookie_httponly'])
+ {
+ // only available to HTTP(S)?
+ $http_only = $config['http_only'];
+ }
+
+ session_set_cookie_params($config['sess_expire_on_close'] ? 0 : $expire, $path, $domain, $secure, $http_only);
// Start session
session_start();
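Review bot: The `cookie_httponly` branch assigns `$http_only = $config['http_only'];`, but the key this commit adds to the prefs list is `cookie_httponly`, and `http_only` is not among the visible entries. With the setting enabled, the lookup would presumably yield an undefined index (NULL), so `session_set_cookie_params()` would leave HttpOnly off and the session cookie would stay readable from script. The line should read `$http_only = $config['cookie_httponly'];`, ideally cast with `(bool)` as for `$secure`. A check of `session_get_cookie_params()['httponly']` after initialisation would catch this kind of silent downgrade. The enclosing method starts and ends outside this hunk, so how `$config` is populated between the prefs loop and this point is not visible here.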
@@ -189,7 +207,7 @@ class CI_Session_native extends CI_Session_driver {
{
// Clear session cookie
$params = session_get_cookie_params();
- setcookie($name, '', time() - 42000, $params['path'], $params['domain']);
+ setcookie($name, '', time() - 42000, $params['path'], $params['domain'], $params['secure'], $params['httponly']);
unset($_COOKIE[$name]);
}
session_destroy();