From 3e2c4a437a4fce7712d0a0038d3a30a73fac8426 Mon Sep 17 00:00:00 2001
From: Cameron
Date: Sat, 21 Feb 2015 12:07:22 -0800
Subject: [PATCH] Issue #688 - php runtime setting.
---
 e107_handlers/e107_class.php | 1 +
 1 file changed, 1 insertion(+)
diff --git a/e107_handlers/e107_class.php b/e107_handlers/e107_class.php
index b90e56f18..96872ebfa 100644
--- a/e107_handlers/e107_class.php
+++ b/e107_handlers/e107_class.php
@@ -2775,6 +2775,7 @@ class e107
 e107::ini_set('arg_separator.output', '&');
 e107::ini_set('session.use_only_cookies', 1);
 e107::ini_set('session.use_trans_sid', 0);
+ e107::ini_set('session.cookie_httponly', 1); // cookie won't be accessible by scripting languages, such as JavaScript. Can effectively help to reduce identity theft through XSS attacks
 
 // Ensure thet '.' is the first part of the include path
 $inc_path = explode(PATH_SEPARATOR, ini_get('include_path'));
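Review bot: The added `session.cookie_httponly` line only covers the cookie that PHP's own session handler issues, and only takes effect if this code runs before the session is started; neither is visible in this hunk, so both should be confirmed against the callers. Any cookie the application writes itself through `setcookie()` (a login or "remember me" cookie, if one exists) needs the httponly argument passed explicitly. The session cookie is also still sent over plain HTTP, so a companion setting guarded by an HTTPS check would be worth adding next to it, e.g. `if (!empty($_SERVER['HTTPS']) && $_SERVER['HTTPS'] !== 'off') { e107::ini_set('session.cookie_secure', 1); }`. The trailing comment overstates the effect and would read more accurately as `// keep the session cookie out of reach of client-side script; limits session-cookie theft via XSS, does not prevent XSS itself`. The enclosing method starts and ends outside the hunk.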