From c6ef1120f82839cbb9d5abee12ab3e4803d5e2cd Mon Sep 17 00:00:00 2001
From: Igor Scheller
Date: Wed, 20 Sep 2017 11:07:25 +0200
Subject: [PATCH] Set cookie to httponly
---
 includes/engelsystem_provider.php | 7 +++----
 1 file changed, 3 insertions(+), 4 deletions(-)
diff --git a/includes/engelsystem_provider.php b/includes/engelsystem_provider.php
index cd22f6a7..0de5e0f5 100644
--- a/includes/engelsystem_provider.php
+++ b/includes/engelsystem_provider.php
@@ -12,6 +12,7 @@ use Engelsystem\Routing\UrlGenerator;
 use Psr\Log\LoggerInterface;
 use Symfony\Component\HttpFoundation\Session\Session;
 use Symfony\Component\HttpFoundation\Session\Storage\MockArraySessionStorage;
+use Symfony\Component\HttpFoundation\Session\Storage\NativeSessionStorage;

 /**
  * This file includes all needed functions, connects to the db etc.
@@ -198,10 +199,8 @@ foreach ($includeFiles as $file) {
 /**
  * Init application
  */
-$session = new Session();
-if (PHP_SAPI == 'cli') {
- $session = new Session(new MockArraySessionStorage());
-}
+$sessionStorage = (PHP_SAPI != 'cli' ? new NativeSessionStorage(['cookie_httponly' => true]) : new MockArraySessionStorage());
+$session = new Session($sessionStorage);
 $app->instance('session', $session);
 $session->start();
 $request->setSession($session);
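Review bot: The options array given to `NativeSessionStorage` in the second hunk sets only `cookie_httponly`, so whether the session cookie also carries the Secure flag is still left to whatever `session.cookie_secure` is in php.ini. If the instance is meant to be served over HTTPS (not visible from this hunk), adding `'cookie_secure' => true` to the same array, or driving it from configuration, would keep the session id off plain-HTTP requests; HttpOnly alone only stops script access to the cookie. A short comment above the assignment such as `// CLI has no real session: use in-memory storage; web requests get an HttpOnly session cookie` would also make the ternary easier to read. As a minor style point, the SAPI check could use a strict comparison, `PHP_SAPI !== 'cli'`.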