HttpOnly cookie in CodeIgniter

Seriusly? You are developer and u can't write in google 'php how to set http_only cookie'?
In system/library/Session.php:688 add comma at end, and in next line type 'true' (as bollean ofc)
If in that place isn't any variable how you wanna put there something?

Dont act too smart Nick
I have searched google and found that httponly cookie is not implemented in CI 2.1.3 and only after that I have posted in this forum. We can see in session.php itself that cookie_httponly  is not set

Code:

foreach (array('sess_encrypt_cookie', 'sess_use_database', 'sess_table_name', 'sess_expiration', 'sess_expire_on_close', 'sess_match_ip', 'sess_match_useragent', 'sess_cookie_name', 'cookie_path', 'cookie_domain', 'cookie_secure', 'sess_time_to_update', 'time_reference', 'cookie_prefix', 'encryption_key') as $key)

Common sense should prevail.

Step by Step doc how to use cookie_httponly

https://www.codeigniter.com/user_guide/i...e_214.html
https://www.codeigniter.com/user_guide/i...e_220.html
https://www.codeigniter.com/user_guide/i...e_300.html
https://www.codeigniter.com/user_guide/i...e_310.html
https://www.codeigniter.com/user_guide/i...e_311.html
https://www.codeigniter.com/user_guide/i...e_312.html
https://www.codeigniter.com/user_guide/i...e_313.html
https://www.codeigniter.com/user_guide/i...e_314.html

or you change this line (bad way):

https://github.com/bcit-ci/CodeIgniter/b...n.php#L668


if you care about security update you code. 5 year old codeigniter code is not secure.