HOR-1284: Security Issue - Session Cookie Without Secure Flag

.
mcuiza
2016-06-23 15:14:15 -04:00
parent dcd2aa8982
commit 72994ff476


@@ -897,7 +897,7 @@ if (! defined( 'EXECUTE_BY_CRON' )) {
if (PHP_VERSION < 5.2) { if (PHP_VERSION < 5.2) {
setcookie(session_name(), session_id(), time() + $timelife, '/', '; HttpOnly'); setcookie(session_name(), session_id(), time() + $timelife, '/', '; HttpOnly');
} else { } else {
setcookie(session_name(), session_id(), time() + $timelife, '/', null, false, true); setcookie(session_name(), session_id(), time() + $timelife, '/', null, G::is_https(), true);
} }
} }
$RBAC->initRBAC(); $RBAC->initRBAC();
@@ -974,7 +974,7 @@ if (! defined( 'EXECUTE_BY_CRON' )) {
if (PHP_VERSION < 5.2) { if (PHP_VERSION < 5.2) {
setcookie(session_name(), session_id(), time() + $timelife, '/', '; HttpOnly'); setcookie(session_name(), session_id(), time() + $timelife, '/', '; HttpOnly');
} else { } else {
setcookie(session_name(), session_id(), time() + $timelife, '/', null, false, true); setcookie(session_name(), session_id(), time() + $timelife, '/', null, G::is_https(), true);
} }
} }
$RBAC->initRBAC(); $RBAC->initRBAC();
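Review bot: The `PHP_VERSION < 5.2` branch in both hunks (near lines 898 and 975) still sends the session cookie without the Secure attribute, so the fix only covers the `else` path. `setcookie()` accepted the sixth `secure` argument before 5.2, so that branch can become `setcookie(session_name(), session_id(), time() + $timelife, '/', '; HttpOnly', G::is_https());`, or be removed if those versions are no longer supported. `G::is_https()` is not visible in this diff; if it reads only `$_SERVER['HTTPS']`, installs behind a TLS-terminating proxy would still get a non-Secure cookie, which is worth confirming and noting in a comment above the call. The same cookie code now appears twice, so a small shared helper would keep the two sites in step. The enclosing `if (! defined( 'EXECUTE_BY_CRON' ))` block starts outside both hunks.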