Switched to httpOnly cookies

thorsten · Aug 8, 2017 · c420e7d · c420e7d
1 parent 81146b4
commit c420e7d
Showing 1 changed file with 8 additions and 1 deletion.
diff --git a/phpmyfaq/src/PMF/Session.php b/phpmyfaq/src/PMF/Session.php
@@ -456,11 +456,18 @@ public function getLast30DaysVisits()
      */
     public static function setCookie($name, $sessionId = '', $timeout = PMF_SESSION_EXPIRED_TIME)
     {
+        $protocol = 'http';
+        if (isset($_SERVER['HTTPS']) && strtoupper($_SERVER['HTTPS']) === 'ON') {
+            $protocol = 'https';
+        }
         return setcookie(
             $name,
             $sessionId,
             $_SERVER['REQUEST_TIME'] + $timeout,
-            dirname($_SERVER['SCRIPT_NAME'])
+            dirname($_SERVER['SCRIPT_NAME']),
+            $protocol.'://'.$_SERVER['HTTP_HOST'],
+            ('https' === $protocol) ? true : false,
+            true
         );
     }
 }