Commit fadebb79 authored by bmortier's avatar bmortier

Merge branch '6217-security-set-cookie-settings-to-true-for-option-httponly' into '1.3-fixes'

Showing with 7 additions and 0 deletions
+7 -0
...@@ -151,6 +151,13 @@ class session { ...@@ -151,6 +151,13 @@ class session {
!! The garbage collector is a cron job on debian systems, the cronjob will fetch the timeout from !! The garbage collector is a cron job on debian systems, the cronjob will fetch the timeout from
the php.ini, so if you use debian, you must hardcode session.gc_maxlifetime in your php.ini */ the php.ini, so if you use debian, you must hardcode session.gc_maxlifetime in your php.ini */
ini_set("session.gc_maxlifetime", 24 * 60 * 60); ini_set("session.gc_maxlifetime", 24 * 60 * 60);
/*
* Set HttpOnly in order to enhance security by disabling execution of javascript on cookies,
* allowing possible XSS attacks
*/
ini_set("session.cookie_httponly", "1");
if ($id !== NULL) { if ($id !== NULL) {
session_id($id); session_id($id);
} }
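Review bot: The comment added above `ini_set("session.cookie_httponly", "1");` states the protection backwards — HttpOnly does not disable or prevent XSS, it stops client-side script from reading the session cookie so that an XSS bug cannot exfiltrate the session id; suggest `/* HttpOnly: keep the session cookie out of document.cookie so an XSS bug cannot steal the session id (this does not prevent XSS itself) */`. Only the HttpOnly flag is set here; when the application is served over HTTPS, `session.cookie_secure` should be set alongside it so the cookie is never sent over plaintext, and `session.use_only_cookies` keeps the id out of URLs. `ini_set()` returns false when a directive cannot be changed at runtime, and this call, like the `session.gc_maxlifetime` call just above it, discards that result, so a hardening setting that silently fails to apply would go unnoticed. These directives take effect only if set before `session_start()`, which is presumably called later in this constructor; the enclosing method continues outside the hunk.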