From c01daa57e5111b55f4daa7fd00e350a59464e8d8 Mon Sep 17 00:00:00 2001
From: mcuiza
Date: Fri, 1 Jul 2016 11:06:30 -0400
Subject: [PATCH] HOR-1391: CLONE - Security Issue - Session Cookie Without HttpOnly And Secure Flag in login page

---
 workflow/public_html/sysGeneric.php | 3 +++
 1 file changed, 3 insertions(+)

diff --git a/workflow/public_html/sysGeneric.php b/workflow/public_html/sysGeneric.php
index 4e800e4b8..950cd1199 100755
--- a/workflow/public_html/sysGeneric.php
+++ b/workflow/public_html/sysGeneric.php
@@ -303,6 +303,9 @@ if ((preg_match("/msie/i", $_SERVER ['HTTP_USER_AGENT']) != 1 ||
 }
 session_start();
 
+ini_set( 'session.cookie_httponly', 1 );
+ini_set( 'session.cookie_secure', 1 );
+
 //$e_all = defined( 'E_DEPRECATED' ) ? E_ALL & ~ E_DEPRECATED : E_ALL;
 //$e_all = defined( 'E_STRICT' ) ? $e_all & ~ E_STRICT : $e_all;
 //$e_all = $config['debug'] ? $e_all : $e_all & ~ E_NOTICE;
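Review bot: The two added `ini_set()` calls sit after `session_start();`, so they run too late to change the session cookie that call emits; PHP reads `session.cookie_httponly` and `session.cookie_secure` when the session starts, and PHP 7.2 and later reject changes to session ini settings while a session is active (warning, `ini_set()` returns false). Move both lines above `session_start();`, next to the existing session ini setup that the hunk header shows only partially, and confirm the result by checking the `Set-Cookie` header on the login response for `HttpOnly` and `Secure`. Setting `session.cookie_secure` to 1 unconditionally also means the browser will not return the cookie over plain HTTP, so an install that is not served over HTTPS would lose its session on every request; if such installs are supported, gate the flag on the request scheme or on a config option. The surrounding top-level script starts and ends outside the hunk, so the earlier session settings are not visible here.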