Set oc_token to httponly

14 years ago · e7c9d5fe54
parent 59404b5675
commit e7c9d5fe54
1 changed files with 1 additions and 1 deletions
--- a/lib/user.php
+++ b/lib/user.php
@ -476,7 +476,7 @@ class OC_User {
 		$secure_cookie = OC_Config::getValue("forcessl", false);
 		$expires = time() + OC_Config::getValue('remember_login_cookie_lifetime', 60*60*24*15);
 		setcookie("oc_username", $username, $expires, '', '', $secure_cookie);
-		setcookie("oc_token", $token, $expires, '', '', $secure_cookie);
+		setcookie("oc_token", $token, $expires, '', '', $secure_cookie, true);
 		setcookie("oc_remember_login", true, $expires, '', '', $secure_cookie);
 	}