diff options
author | GDmac <grdalenoort@gmail.com> | 2012-10-16 14:19:57 +0200 |
---|---|---|
committer | GDmac <grdalenoort@gmail.com> | 2012-10-16 14:27:54 +0200 |
commit | 19cd88799f27bef8d502250c86eddcd72789bdb3 (patch) | |
tree | 873ff639a9c9d7d86620c56f4afff57cc3c3d08f /system/libraries/Session | |
parent | 2220fbe70503dd6d7ff9b2a57b84685955e815ab (diff) |
Session Native, respect cookie settings
Respect config settings for cookie_secure and cookie_httponly
Signed-off-by: GDmac <grdalenoort@gmail.com>
Diffstat (limited to 'system/libraries/Session')
-rwxr-xr-x | system/libraries/Session/drivers/Session_native.php | 24 |
1 files changed, 21 insertions, 3 deletions
diff --git a/system/libraries/Session/drivers/Session_native.php b/system/libraries/Session/drivers/Session_native.php index 6529d4c36..d7b9e8410 100755 --- a/system/libraries/Session/drivers/Session_native.php +++ b/system/libraries/Session/drivers/Session_native.php @@ -55,7 +55,9 @@ class CI_Session_native extends CI_Session_driver { 'sess_time_to_update', 'cookie_prefix', 'cookie_path', - 'cookie_domain' + 'cookie_domain', + 'cookie_secure', + 'cookie_httponly' ); foreach ($prefs as $key) @@ -82,6 +84,9 @@ class CI_Session_native extends CI_Session_driver { $expire = 7200; $path = '/'; $domain = ''; + $secure = FALSE; + $http_only = FALSE; + if ($config['sess_expiration'] !== FALSE) { // Default to 2 years if expiration is "0" @@ -99,7 +104,20 @@ class CI_Session_native extends CI_Session_driver { // Use specified domain $domain = $config['cookie_domain']; } - session_set_cookie_params($config['sess_expire_on_close'] ? 0 : $expire, $path, $domain); + + if ($config['cookie_secure']) + { + // Send over SSL / HTTPS only? + $secure = $config['cookie_secure']; + } + + if ($config['cookie_httponly']) + { + // only available to HTTP(S)? + $http_only = $config['http_only']; + } + + session_set_cookie_params($config['sess_expire_on_close'] ? 0 : $expire, $path, $domain, $secure, $http_only); // Start session session_start(); @@ -189,7 +207,7 @@ class CI_Session_native extends CI_Session_driver { { // Clear session cookie $params = session_get_cookie_params(); - setcookie($name, '', time() - 42000, $params['path'], $params['domain']); + setcookie($name, '', time() - 42000, $params['path'], $params['domain'], $params['secure'], $params['httponly']); unset($_COOKIE[$name]); } session_destroy(); |