chamilo
/
chamilo-lms
mirror of https://github.com/chamilo/chamilo-lms/tree/1.11.x
2
0
Fork 0
Code Issues Projects Releases Wiki Activity

Security: Set ch_sid cookie to 'secure' when using HTTPS - refs BT#21289

Browse Source
pull/5023/head
Yannick Warnier 2 years ago
parent 925e49f448
commit f18067843e
1 changed files with 3 additions and 1 deletions
Show all changes Ignore whitespace when comparing lines Ignore changes in amount of whitespace Ignore changes in whitespace at EOL
Show Stats Download Patch File Download Diff File
  1. 4
      main/inc/lib/chamilo_session.class.php

4
main/inc/lib/chamilo_session.class.php
Unescape View File

@ -86,6 +86,9 @@ class ChamiloSession extends System\Session
//ini_set('session.cookie_secure', 1);
//session ID in the cookie is only readable by the server
ini_set('session.cookie_httponly', 1);
if (api_is_https()) {
ini_set('session.cookie_secure', 1);
}
if (api_get_configuration_value('security_session_cookie_samesite_none')) {
if (PHP_VERSION_ID < 70300) {
@ -93,7 +96,6 @@ class ChamiloSession extends System\Session
session_set_cookie_params($sessionCookieParams['lifetime'], '/; samesite=None',
$sessionCookieParams['domain'], true, $sessionCookieParams['httponly']);
} else {
ini_set('session.cookie_secure', 1);
ini_set('session.cookie_samesite', 'None');
}
}

Write Preview
Loading…
Cancel
Save