Skip to content
Snippets Groups Projects
Commit ddedd9e7 authored by Jaime Pérez Crespo's avatar Jaime Pérez Crespo
Browse files

Merge pull request #211 from thijskh/httponly-default 

Set PHP session cookie configuation to be true by default.
parents c9f57cd7 47e9bdc4
No related branches found
No related tags found
No related merge requests found
Hide whitespace changes
Inline Side-by-side
config-templates/config.php
+ 1
1
View file @ ddedd9e7
...@@ -310,7 +310,7 @@ $config = array( ...@@ -310,7 +310,7 @@ $config = array(
*/ */
'session.phpsession.cookiename' => null, 'session.phpsession.cookiename' => null,
'session.phpsession.savepath' => null, 'session.phpsession.savepath' => null,
'session.phpsession.httponly' => false, 'session.phpsession.httponly' => true,
/* /*
* Option to override the default settings for the auth token cookie * Option to override the default settings for the auth token cookie
......
lib/SimpleSAML/SessionHandlerPHP.php
+ 1
1
View file @ ddedd9e7
...@@ -211,7 +211,7 @@ class SimpleSAML_SessionHandlerPHP extends SimpleSAML_SessionHandler { ...@@ -211,7 +211,7 @@ class SimpleSAML_SessionHandlerPHP extends SimpleSAML_SessionHandler {
$ret['path'] = $config->getBoolean('session.phpsession.limitedpath', FALSE) ? '/' . $config->getBaseURL() : '/'; $ret['path'] = $config->getBoolean('session.phpsession.limitedpath', FALSE) ? '/' . $config->getBaseURL() : '/';
} }
$ret['httponly'] = $config->getBoolean('session.phpsession.httponly', FALSE); $ret['httponly'] = $config->getBoolean('session.phpsession.httponly', TRUE);
return $ret; return $ret;
} }
......
0% or .
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment