[icinga-checkins] icinga.org: icingaweb2/bugfix/make-cookies-well-formated-and-https-compliant-11187: Override the following parameters of a session cookie: path, domain, secure, httponly

git at icinga.org git at icinga.org
Fri Feb 26 18:12:39 CET 2016


Module: icingaweb2
Branch: bugfix/make-cookies-well-formated-and-https-compliant-11187
Commit: 05ef689f13a31d3a087015842e1e84a211c72a4c
URL:    https://git.icinga.org/?p=icingaweb2.git;a=commit;h=05ef689f13a31d3a087015842e1e84a211c72a4c

Author: Alexander A. Klimov <alexander.klimov at netways.de>
Date:   Fri Feb 26 18:05:59 2016 +0100

Override the following parameters of a session cookie: path, domain, secure, httponly

refs #11187

---

 library/Icinga/Web/Session/PhpSession.php |    9 +++++++++
 1 file changed, 9 insertions(+)

diff --git a/library/Icinga/Web/Session/PhpSession.php b/library/Icinga/Web/Session/PhpSession.php
index 40fbff6..fe2048a 100644
--- a/library/Icinga/Web/Session/PhpSession.php
+++ b/library/Icinga/Web/Session/PhpSession.php
@@ -125,6 +125,15 @@ class PhpSession extends Session
             ini_set('session.cache_limiter', null);
         }
 
+        $params = session_get_cookie_params();
+        session_set_cookie_params(
+            $params['lifetime'],
+            $this->getCookiePath(),
+            $this->getDomain(),
+            $this->isSecure(),
+            true
+        );
+
         session_start();
 
         if ($this->hasBeenTouched) {
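Review bot: The bare `true` passed as the fifth argument to session_set_cookie_params() is the httponly flag, and nothing in the hunk says so; a short comment (or a named local such as `$httpOnly = true;`) would keep a later edit from flipping it by accident. The Secure attribute now depends entirely on what `$this->isSecure()` returns, and that method is not shown here: if it is derived from the request scheme, an instance behind a TLS-terminating proxy would still issue the session cookie without Secure, so it is worth confirming how it decides and documenting that next to this call. Only `lifetime` is carried over from session_get_cookie_params(), so any path, domain, secure or httponly value set in php.ini is now silently overridden; that appears to be the intent according to the commit message, but a one-line comment above the call stating it would help whoever debugs cookie scope later.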


