more cookie security FS#1490
This patch adds the httponly option to the PHP session cookies and DokuWiki's auth cookie when supported by the PHP version. It also adds a new config option 'securecookie' which is enabled by default. It makes sure the browser will not send a cookie set via HTTPS over a non-secured connection. This option has to be disabled for wikis that only protect the login with SSL but not the whole wiki.
darcs-hash:20080912224922-7ad00-d5275147ba9d17a9f6defa8a51ca720da74ba8a0.gz
Showing
- conf/dokuwiki.php: 2 additions, 1 deletion
- inc/auth.php: 11 additions, 2 deletions
- inc/init.php: 22 additions, 4 deletions
- lib/plugins/config/lang/en/lang.php: 1 addition, 0 deletions
- lib/plugins/config/settings/config.metadata.php: 1 addition, 0 deletions