fernando/luos
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

HOR-1391: CLONE - Security Issue - Session Cookie Without HttpOnly And Secure Flag in login page

Browse Source
This commit is contained in:
mcuiza
2016-07-01 11:06:30 -04:00
parent 7dabb98200
commit c01daa57e5
1 changed files with 3 additions and 0 deletions
Download Patch File Download Diff File Expand all files Collapse all files

3
workflow/public_html/sysGeneric.php
View File

@@ -303,6 +303,9 @@ if ((preg_match("/msie/i", $_SERVER ['HTTP_USER_AGENT']) != 1 ||
} }
session_start(); session_start();
ini_set( 'session.cookie_httponly', 1 );
ini_set( 'session.cookie_secure', 1 );
//$e_all = defined( 'E_DEPRECATED' ) ? E_ALL & ~ E_DEPRECATED : E_ALL; //$e_all = defined( 'E_DEPRECATED' ) ? E_ALL & ~ E_DEPRECATED : E_ALL;
//$e_all = defined( 'E_STRICT' ) ? $e_all & ~ E_STRICT : $e_all; //$e_all = defined( 'E_STRICT' ) ? $e_all & ~ E_STRICT : $e_all;
//$e_all = $config['debug'] ? $e_all : $e_all & ~ E_NOTICE; //$e_all = $config['debug'] ? $e_all : $e_all & ~ E_NOTICE;