summaryrefslogtreecommitdiffstats
path: root/web/html
diff options
context:
space:
mode:
authorLukas Fleischer <archlinux@cryptocrack.de>2011-08-11 16:31:25 +0200
committerLukas Fleischer <archlinux@cryptocrack.de>2011-08-12 00:09:24 +0200
commit00e4e0294f36f8e4a0c5926efdc16b31fcb4c788 (patch)
tree3ca217b603aee394fa328b5c81269d52bf24d6be /web/html
parent1c9db1d1f14d5f83d8bd7dbbd535cf109680471f (diff)
downloadaurweb-00e4e0294f36f8e4a0c5926efdc16b31fcb4c788.tar.xz
Use secure and httponly session cookies
As discussed on the mailing list, enable "secure" and "httponly" for session cookies to prevent them from being transferred over insecure connections. Signed-off-by: Lukas Fleischer <archlinux@cryptocrack.de>
Diffstat (limited to 'web/html')
-rw-r--r--web/html/logout.php2
1 files changed, 1 insertions, 1 deletions
diff --git a/web/html/logout.php b/web/html/logout.php
index dee6456..1cdf453 100644
--- a/web/html/logout.php
+++ b/web/html/logout.php
@@ -15,7 +15,7 @@ if (isset($_COOKIE["AURSID"])) {
$q.= mysql_real_escape_string($_COOKIE["AURSID"]) . "'";
db_query($q, $dbh);
# setting expiration to 1 means '1 second after midnight January 1, 1970'
- setcookie("AURSID", "", 1, "/");
+ setcookie("AURSID", "", 1, "/", null, !empty($_SERVER['HTTPS']), true);
unset($_COOKIE['AURSID']);
}