fix(YesWikiInit): use httponly also for session cookie

YesWiki · Oct 5, 2021 · df42b08 · df42b08
1 parent 5f4c8e1
commit df42b08
Showing 1 changed file with 1 addition and 0 deletions.
diff --git a/includes/YesWikiInit.php b/includes/YesWikiInit.php
@@ -339,6 +339,7 @@ public function initCookies()
         if (!isset($_SESSION)) {
             $cookiesParam = session_get_cookie_params();
             $cookiesParam['path'] = $CookiePath;
+            $cookiesParam['httponly'] = true;
             session_set_cookie_params($cookiesParam);
             session_name($sessionName);
             session_start();