Set session_api_session cookie using Secure and HTTPOnly params [#2538378]

Currently session_api_get_sid() calls setcookie() without setting the Secure and HTTPOnly parameters, and the only way to get this cookie to be secure and httponly is to hack the module... do let me know if there's another way ;-)

Comment	File	Size	Author
#1	set_session_api_session-2538378-1.patch	607 bytes	manuel garcia

Comments

Comment #1

manuel garcia commented 23 July 2015 at 11:20

Status	File	Size
new	set_session_api_session-2538378-1.patch	607 bytes

Comment #2

manuel garcia commented 23 July 2015 at 11:35

Status:

Active

» Needs review

Comment #3

a.ross commented 11 July 2017 at 10:25

Status:

Needs review

» Needs work

I would prefer these to be configurable in the module configuration form, instead of using PHP's session config parameters.

Set session_api_session cookie using Secure and HTTPOnly params

Comments

Comment #1

Comment #2

Comment #3

News items

Our community

Documentation

Drupal code base

Governance of community