diff includes/session.inc @ 15:4347c45bb494 6.7
Drupal 6.7
author | Franck Deroche <webmaster@defr.org> |
---|---|
date | Tue, 23 Dec 2008 14:32:44 +0100 |
parents | 8b6c45761e01 |
children | 8e6257f3ae39 |
--- a/includes/session.inc Tue Dec 23 14:32:33 2008 +0100
+++ b/includes/session.inc Tue Dec 23 14:32:44 2008 +0100
@@ -1,5 +1,5 @@
 <?php
-// $Id: session.inc,v 1.44.2.4 2008/10/20 09:53:32 goba Exp $
+// $Id: session.inc,v 1.44.2.5 2008/12/08 14:42:30 goba Exp $
 /**
 * @file
@@ -97,6 +97,10 @@
 setcookie(session_name(), '', time() - 42000, '/');
 }
+ extract(session_get_cookie_params());
+ // Set "httponly" to TRUE to reduce the risk of session stealing via XSS.
+ // This has no effect for PHP < 5.2.0.
+ session_set_cookie_params($lifetime, $path, $domain, $secure, TRUE);
 session_regenerate_id();
 db_query("UPDATE {sessions} SET sid = '%s' WHERE sid = '%s'", session_id(), $old_session_id);
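Review bot: The added `extract(session_get_cookie_params());` in the second hunk spills every key of the returned array into the function's local scope, so `$lifetime`, `$path`, `$domain` and `$secure` appear without a visible assignment, and any key PHP adds later could silently overwrite a local such as `$old_session_id`. Reading the array explicitly keeps the data flow obvious: `$params = session_get_cookie_params();` followed by `session_set_cookie_params($params['lifetime'], $params['path'], $params['domain'], $params['secure'], TRUE);`. The comment says the flag "has no effect for PHP < 5.2.0", but a five-argument call may be rejected there with a parameter-count warning, leaving the other cookie parameters unset as well, so it is worth confirming that or guarding the call with `version_compare(PHP_VERSION, '5.2.0', '>=')`. The HttpOnly flag set here presumably covers only cookies issued after this call; session cookies started elsewhere would need `session.cookie_httponly` set at bootstrap to get the same protection. The enclosing function starts and ends outside the hunk, so this is based on the visible lines only.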