Pi-Hole/web
1
0
Fork 0
mirror of https://github.com/pi-hole/web.git synced 2026-05-03 23:18:12 +01:00
Code Issues Packages Projects Releases Wiki Activity

set httponly to true when calling setcookie. the ini_set option above doesn't actually seem to do anything... (but not removing it just in case

Browse Source 
Signed-off-by: Adam Warner <me@adamwarner.co.uk>
This commit is contained in:
Adam Warner
2021-09-11 19:34:32 +01:00
parent cce6889226
commit cf8602eedd
1 changed files with 4 additions and 2 deletions
Download Patch File Download Diff File Expand all files Collapse all files

6
scripts/pi-hole/php/password.php
View File

@@ -50,7 +50,8 @@
{
$auth = true;
// Refresh cookie with new expiry
setcookie('persistentlogin', $pwhash, time()+60*60*24*7);
// setcookie( $name, $value, $expire, $path, $domain, $secure, $httponly )
setcookie('persistentlogin', $pwhash, time()+60*60*24*7, null, null, null, true );
}
else
{
@@ -79,7 +80,8 @@
// Set persistent cookie if selected
if (isset($_POST['persistentlogin']))
{
setcookie('persistentlogin', $pwhash, time()+60*60*24*7);
// setcookie( $name, $value, $expire, $path, $domain, $secure, $httponly )
setcookie('persistentlogin', $pwhash, time()+60*60*24*7, null, null, null, true );
}
header('Location: index.php');
exit();