CodeIgniter Forums
ag-auth secure and httponly cookies - Printable Version


ag-auth secure and httponly cookies - theantioch - 01-07-2015

We are using ag-auth 2.0.3 for CodeIgniter. We recently went through an audit and one of the points we got dinged on was cookies without the secure flag set and cookies not flagged for httponly. I managed to set all cookies coming from CodeIgniter as http only and secure them, but I cannot get ag-auth to cooperate. I tried adding

$this->sess_cookie_name,
$cookie_data,
$expire,
$this->cookie_path,
$this->cookie_domain,
$this->cookie_secure,
$this->cookie_httponly

to

setcookie();

But it seems to just ignore it and the cookies aren't secure or httponly. I'm a sysadmin typically, so the nuances of how to make this work elude me. What am I doing wrong?


RE: ag-auth secure and httponly cookies - InsiteFX - 01-07-2015

The cookie is in this method in the ag library.

PHP Code:
private function _generate() 

See the set_cookie at the bottom.
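
A check for the audit finding discussed in this thread, added here as an example (not code from the thread, ag-auth or CodeIgniter): it parses `Set-Cookie` response headers and lists the cookies that lack the `Secure` or `HttpOnly` attribute, so a change to the cookie-setting code can be confirmed from the server's actual responses. The header lines and cookie names below are constructed sample data; `example_auth` is a hypothetical name.

```python
# Added example: audit Set-Cookie headers for missing Secure / HttpOnly.
# All header lines and cookie names are constructed sample data.
from typing import Dict, List, Set, Tuple

REQUIRED = ("secure", "httponly")


def parse_set_cookie(header_value: str) -> Tuple[str, Set[str]]:
    """Return (cookie name, set of lower-cased attribute names)."""
    parts = [p.strip() for p in header_value.split(";")]
    name = parts[0].partition("=")[0].strip()
    # Only attribute *names* count. Matching the substring "secure" anywhere
    # in the line would wrongly pass a cookie with value "secure" or a path
    # such as "/secure/".
    attrs = {p.partition("=")[0].strip().lower() for p in parts[1:] if p}
    return name, attrs


def missing_flags(raw_headers: str) -> Dict[str, List[str]]:
    """Map cookie name -> required flags absent from its Set-Cookie line."""
    findings: Dict[str, List[str]] = {}
    for line in raw_headers.splitlines():
        field, sep, value = line.partition(":")
        if not sep or field.strip().lower() != "set-cookie":
            continue  # status line or another header
        name, attrs = parse_set_cookie(value)
        absent = [flag for flag in REQUIRED if flag not in attrs]
        if absent:
            findings[name] = absent
    return findings


# Constructed response headers: one compliant cookie, two that are not.
SAMPLE = """\
HTTP/1.1 200 OK
Content-Type: text/html
Set-Cookie: ci_session=abc123; expires=Thu, 08-Jan-2015 10:00:00 GMT; path=/; secure; HttpOnly
Set-Cookie: example_auth=deadbeef; path=/secure/
Set-Cookie: pref=secure; path=/; httponly
"""

if __name__ == "__main__":
    for cookie, flags in missing_flags(SAMPLE).items():
        print(f"{cookie}: missing {', '.join(flags)}")
```
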