Add session cookie httponly and set it to true.

2025-12-30 00:53:50 +00:00 · 2015-12-21 20:52:54 -07:00
parent e2feca300a
commit 5da1286329
10 changed files with 14 additions and 5 deletions
--- a/resources/php.php
+++ b/resources/php.php
@@ -29,6 +29,7 @@

 	//session handling
 		//start the session
+			ini_set("session.cookie_httponly", True);
 			session_start();
 		//regenerate sessions to avoid session id attacks such as session fixation
 			if ($_SESSION['security']['session_rotate']['boolean'] == "true") {