Annajwaszahro
/
MIF_E31222691
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

Added http_only option to session configuration.

This commit is contained in:
Taylor Otwell 2011-07-22 08:00:14 -07:00
parent d6e1d5424d
commit db45be960f
1 changed files with 16 additions and 1 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

17
application/config/session.php
View File

@ -16,7 +16,7 @@
| |
*/ */
'driver' => '', 'driver' => 'file',
/* /*
|-------------------------------------------------------------------------- |--------------------------------------------------------------------------
@ -86,4 +86,19 @@
'https' => false, 'https' => false,
/*
|--------------------------------------------------------------------------
| HTTP Only Session Cookie
|--------------------------------------------------------------------------
|
| Should the session cookie only be accessible over HTTP?
|
| Note: The intention of the "HTTP Only" option is to keep cookies from
| being accessed by client-side scripting languages. However, this
| setting should not be viewed as providing total XSS protection.
|
*/
'http_only' => false,
); );