security improvement

mevdschee · web-flow · commit d439f0fe0c59 · 2016-08-13T13:36:56.000+02:00
diff --git a/api.php b/api.php
@@ -2053,6 +2053,7 @@ public function executeCommand() {
 		extract($this->settings);
 		$no_session = $authenticator && $secret; 
 		if (!$no_session) {
+			ini_set('session.cookie_httponly', 1);
 			session_start();
 		}
 		if ($method==$verb && trim($path,'/')==$request) {

Original file line number	Diff line number	Diff line change
`@@ -2053,6 +2053,7 @@ public function executeCommand() {`
`2053`	`2053`	`extract($this->settings);`
`2054`	`2054`	`$no_session = $authenticator && $secret;`
`2055`	`2055`	`if (!$no_session) {`
	`2056`	`+ ini_set('session.cookie_httponly', 1);`
`2056`	`2057`	`session_start();`
`2057`	`2058`	`}`
`2058`	`2059`	`if ($method==$verb && trim($path,'/')==$request) {`