[Security] - Set Cookie settings to TRUE for option "HttpOnly"
Requirements
Security enhancement - it is desirable to set the cookie settings (on the login page) to TRUE for the HttpOnly attribute.
The "HttpOnly" option makes sure that XSS code injected through JavaScript will be refused by the browser.
To be integrated within 1.3-fixes and 1.4-dev.
Descriptive title for this enhancement
[Security] - Set Cookie settings to TRUE for option "HttpOnly"
Actual behavior
Cookie HttpOnly is set to FALSE
Expected behavior
HttpOnly set to TRUE
Step by step description of new behaviour
Update php.ini to set HttpOnly cookie option to TRUE.
Benefits
Fewer possible attacks coming from injection of JavaScript XSS
Possible Drawbacks
None
Applicable Issues
None