Set cookie to httponly

author: Igor Scheller <igor.scheller@igorshp.de> 2017-09-20 11:07:25 +0200
committer: Igor Scheller <igor.scheller@igorshp.de> 2017-09-20 11:07:25 +0200
commit: c6ef1120f82839cbb9d5abee12ab3e4803d5e2cd (patch)
tree: d490633b32b69a7141516aa238699c3e7e64ef63 /includes
parent: 31414905d710ed53796d67759dec24baf2eeefc7 (diff)
1 files changed, 3 insertions, 4 deletions
diff --git a/includes/engelsystem_provider.php b/includes/engelsystem_provider.php
index cd22f6a7..0de5e0f5 100644
--- a/includes/engelsystem_provider.php
+++ b/includes/engelsystem_provider.php
@@ -12,6 +12,7 @@ use Engelsystem\Routing\UrlGenerator;
 use Psr\Log\LoggerInterface;
 use Symfony\Component\HttpFoundation\Session\Session;
 use Symfony\Component\HttpFoundation\Session\Storage\MockArraySessionStorage;
+use Symfony\Component\HttpFoundation\Session\Storage\NativeSessionStorage;
 
 /**
  * This file includes all needed functions, connects to the db etc.
@@ -198,10 +199,8 @@ foreach ($includeFiles as $file) {
 /**
  * Init application
  */
-$session = new Session();
-if (PHP_SAPI == 'cli') {
-    $session = new Session(new MockArraySessionStorage());
-}
+$sessionStorage = (PHP_SAPI != 'cli' ? new NativeSessionStorage(['cookie_httponly' => true]) : new MockArraySessionStorage());
+$session = new Session($sessionStorage);
 $app->instance('session', $session);
 $session->start();
 $request->setSession($session);
author	Igor Scheller <igor.scheller@igorshp.de>	2017-09-20 11:07:25 +0200
committer	Igor Scheller <igor.scheller@igorshp.de>	2017-09-20 11:07:25 +0200
commit	c6ef1120f82839cbb9d5abee12ab3e4803d5e2cd (patch)
tree	d490633b32b69a7141516aa238699c3e7e64ef63 /includes
parent	31414905d710ed53796d67759dec24baf2eeefc7 (diff)