Skip to content
Snippets Groups Projects
Commit ddedd9e7 authored by Jaime Pérez Crespo's avatar Jaime Pérez Crespo
Browse files

Merge pull request #211 from thijskh/httponly-default

Set PHP session cookie configuation to be true by default.
parents c9f57cd7 47e9bdc4
No related branches found
No related tags found
No related merge requests found
...@@ -310,7 +310,7 @@ $config = array( ...@@ -310,7 +310,7 @@ $config = array(
*/ */
'session.phpsession.cookiename' => null, 'session.phpsession.cookiename' => null,
'session.phpsession.savepath' => null, 'session.phpsession.savepath' => null,
'session.phpsession.httponly' => false, 'session.phpsession.httponly' => true,
/* /*
* Option to override the default settings for the auth token cookie * Option to override the default settings for the auth token cookie
......
...@@ -211,7 +211,7 @@ class SimpleSAML_SessionHandlerPHP extends SimpleSAML_SessionHandler { ...@@ -211,7 +211,7 @@ class SimpleSAML_SessionHandlerPHP extends SimpleSAML_SessionHandler {
$ret['path'] = $config->getBoolean('session.phpsession.limitedpath', FALSE) ? '/' . $config->getBaseURL() : '/'; $ret['path'] = $config->getBoolean('session.phpsession.limitedpath', FALSE) ? '/' . $config->getBaseURL() : '/';
} }
$ret['httponly'] = $config->getBoolean('session.phpsession.httponly', FALSE); $ret['httponly'] = $config->getBoolean('session.phpsession.httponly', TRUE);
return $ret; return $ret;
} }
......
0% Loading or .
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment