From 0afe27901189a5416dc696eef32e2bc2e5fe3844 Mon Sep 17 00:00:00 2001
From: Aleksander Machniak <alec@alec.pl>
Date: Tue, 24 Jul 2012 14:20:35 +0200
Subject: Set HttpOnly flag also for session cookie

---
 program/include/rcube.php | 1 +
 1 file changed, 1 insertion(+)

(limited to 'program')

diff --git a/program/include/rcube.php b/program/include/rcube.php
index 3b1601578..a39eab15c 100644
--- a/program/include/rcube.php
+++ b/program/include/rcube.php
@@ -409,6 +409,7 @@ class rcube
         ini_set('session.use_cookies', 1);
         ini_set('session.use_only_cookies', 1);
         ini_set('session.serialize_handler', 'php');
+        ini_set('session.cookie_httponly', 1);
 
         // use database for storing session data
         $this->session = new rcube_session($this->get_dbh(), $this->config);
-- 
cgit v1.2.3