[Security] - Set Cookie settings to TRUE for option "HttpOnly"

Requirements

Security enhancement - it is desirable to set the cookie (upon login page) settings to TRUE for attribute HttpOnly.

"HttpOnly" option makes sure that XSS code injected though JavaScript will be refused by the browser.

To be integrated within 1.3-fixes and 1.4-dev.

Descriptive title for this enhancement

[Security] - Set Cookie settings to TRUE for option "HttpOnly">

Actual behavior

Cookie HttpOnly is set to FALSE

Expected behavior

HttpOnly set to TRUE

Step by step description of new behaviour

Update php.ini to set HttpOnly cookie option to TRUE.

Benefits

Less possible attack coming from inject of javascript XSS

Possible Drawbacks

None

Applicable Issues

None