Ability to configure session cookie, httponly by default

92e634db · Alexander Makarov · f69a73ba · 92e634db
Commit 92e634db authored Mar 29, 2013 by Alexander Makarov
Show whitespace changes
Inline Side-by-side

Showing with 9 additions and 0 deletions

Session.php framework/web/Session.php +9 -0

No files found.
--- a/framework/web/Session.php
+++ b/framework/web/Session.php
@@ -60,6 +60,13 @@ class Session extends Component implements \IteratorAggregate, \ArrayAccess, \Co
 	public $flashVar = '__flash';

 	/**
+	 * @var array parameter-value pairs to override default session cookie parameters
+	 */
+	public $cookieParams = array(
+		'httponly' => true
+	);
+
+	/**
 	 * Initializes the application component.
 	 * This method is required by IApplicationComponent and is invoked by application.
 	 */
@@ -111,6 +118,8 @@ class Session extends Component implements \IteratorAggregate, \ArrayAccess, \Co
 				);
 			}

+			$this->setCookieParams($this->cookieParams);
+
 			@session_start();

 			if (session_id() == '') {