fernando/luos
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

BUG 9528 Cookies in ProcessMaker are not HttpOnly

Browse Source 
- The PHPSESSID cookie are not HttpOnly
- Add the attribute HttpOnly for the PHPSESSID cookie
This commit is contained in:
Julio Cesar Laura
2012-08-09 16:32:52 -04:00
parent 4bd04c91b8
commit 17667e8831
1 changed files with 6 additions and 0 deletions
Download Patch File Download Diff File Expand all files Collapse all files

6
workflow/engine/methods/login/authentication.php
View File

@@ -150,6 +150,12 @@ try {
$_SESSION['USR_USERNAME'] = $usr; $_SESSION['USR_USERNAME'] = $usr;
} }
if (PHP_VERSION < 5.2) {
setcookie(session_name(), session_id(), null, '/', '; HttpOnly');
} else {
setcookie(session_name(), session_id(), null, '/', null, null, true);
}
$aUser = $RBAC->userObj->load($_SESSION['USER_LOGGED']); $aUser = $RBAC->userObj->load($_SESSION['USER_LOGGED']);
$RBAC->loadUserRolePermission($RBAC->sSystem, $_SESSION['USER_LOGGED']); $RBAC->loadUserRolePermission($RBAC->sSystem, $_SESSION['USER_LOGGED']);
//$rol = $RBAC->rolesObj->load($RBAC->aUserInfo['PROCESSMAKER']['ROLE']['ROL_UID']); //$rol = $RBAC->rolesObj->load($RBAC->aUserInfo['PROCESSMAKER']['ROLE']['ROL_UID']);