From df42b08e03af08a236c04b5a202fcebde14b453a Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?J=C3=A9r=C3=A9my=20Dufraisse?=
 <jeremy.dufraisse-info@orange.fr>
Date: Tue, 5 Oct 2021 09:30:33 +0200
Subject: [PATCH] fix(YesWikiInit): use httponly also for session cookie

---
 includes/YesWikiInit.php | 1 +
 1 file changed, 1 insertion(+)

diff --git a/includes/YesWikiInit.php b/includes/YesWikiInit.php
index a1bd5a0f6..b267e4acc 100644
--- a/includes/YesWikiInit.php
+++ b/includes/YesWikiInit.php
@@ -339,6 +339,7 @@ public function initCookies()
         if (!isset($_SESSION)) {
             $cookiesParam = session_get_cookie_params();
             $cookiesParam['path'] = $CookiePath;
+            $cookiesParam['httponly'] = true;
             session_set_cookie_params($cookiesParam);
             session_name($sessionName);
             session_start();