Merge pull request #1875 from pi-hole/tweak/http-only-cookies

Add httponly = true to persistent login cookie
pi-hole · Sep 11, 2021 · c5cfb29 · c5cfb29
2 parents cce6889 + cf8602e
commit c5cfb29
Showing 1 changed file with 4 additions and 2 deletions.
diff --git a/scripts/pi-hole/php/password.php b/scripts/pi-hole/php/password.php
@@ -50,7 +50,8 @@
             {
                 $auth = true;
                 // Refresh cookie with new expiry
-                setcookie('persistentlogin', $pwhash, time()+60*60*24*7);
+                // setcookie( $name, $value, $expire, $path, $domain, $secure, $httponly )
+                setcookie('persistentlogin', $pwhash, time()+60*60*24*7, null, null, null, true );
             }
             else
             {
@@ -79,7 +80,8 @@
                     // Set persistent cookie if selected
                     if (isset($_POST['persistentlogin']))
                     {
-                        setcookie('persistentlogin', $pwhash, time()+60*60*24*7);
+                        // setcookie( $name, $value, $expire, $path, $domain, $secure, $httponly )
+                        setcookie('persistentlogin', $pwhash, time()+60*60*24*7, null, null, null, true );
                     }
                     header('Location: index.php');
                     exit();