Merge pull request #454 from julceslauhub/master

BUG 9528 Cookies in ProcessMaker are not HttpOnly SOLVED
2012-08-09 13:35:23 -07:00
parent 4bd04c91b8 17667e8831
commit bafeff2052
1 changed files with 6 additions and 0 deletions
--- a/workflow/engine/methods/login/authentication.php
+++ b/workflow/engine/methods/login/authentication.php
@@ -150,6 +150,12 @@ try {
        $_SESSION['USR_USERNAME'] = $usr;
    }

+    if (PHP_VERSION < 5.2) {
+      setcookie(session_name(), session_id(), null, '/', '; HttpOnly');
+    } else {
+      setcookie(session_name(), session_id(), null, '/', null, null, true);
+    }
+
    $aUser = $RBAC->userObj->load($_SESSION['USER_LOGGED']);
    $RBAC->loadUserRolePermission($RBAC->sSystem, $_SESSION['USER_LOGGED']);
    //$rol = $RBAC->rolesObj->load($RBAC->aUserInfo['PROCESSMAKER']['ROLE']['ROL_UID']);