ag-auth secure and httponly cookies
#1

We are using ag-auth 2.0.3 for CodeIgniter. We recently went through an audit and one of the points we got dinged on was cookies without the secure flag set and cookies not flagged for httponly. I managed to set all cookies coming from CodeIgniter as http only and secure them, but I cannot get ag-auth to cooperate. I tried adding

$this->sess_cookie_name,
$cookie_data,
$expire,
$this->cookie_path,
$this->cookie_domain,
$this->cookie_secure,
$this->cookie_httponly

to

setcookie();

But it seems to just ignore it and the cookies aren't secure or httponly. I'm a sysadmin typically, so the nuances of how to make this work elude me. What am I doing wrong?
#2

(This post was last modified: 01-07-2015, 09:57 PM by InsiteFX.)

The cookie is in this method in the ag library.

PHP Code:
private function _generate() 

See the set_cookie at the bottom.
What did you Try? What did you Get? What did you Expect?

Joined CodeIgniter Community 2009.  ( Skype: insitfx )
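
One way to confirm the audit finding is actually closed after changing the cookie code, as an added example that is not part of the thread and not code from ag-auth or CodeIgniter: it shows PHP's positional `setcookie()` argument order with both flags on, then checks raw `Set-Cookie` header lines for missing `Secure` or `HttpOnly`. The function names, cookie names and sample headers are assumptions constructed for illustration.

```php
<?php
// Added example; not code from ag-auth or CodeIgniter.
// PHP's positional order: name, value, expire, path, domain, secure, httponly.
function send_hardened_cookie($name, $value, $expire, $path = '/', $domain = '')
{
    return setcookie($name, $value, $expire, $path, $domain, true, true);
}

// Returns [cookie name => list of missing flags] for raw Set-Cookie header lines.
function audit_set_cookie_headers(array $headers)
{
    $findings = array();
    foreach ($headers as $line) {
        if (stripos($line, 'Set-Cookie:') !== 0) {
            continue; // not a cookie header
        }
        $parts = array_map('trim', explode(';', substr($line, strlen('Set-Cookie:'))));
        $pair  = explode('=', array_shift($parts), 2);
        $name  = $pair[0];
        // Attribute names are case-insensitive; drop any "=value" part.
        $attrs = array();
        foreach ($parts as $p) {
            $kv = explode('=', $p, 2);
            $attrs[] = strtolower(trim($kv[0]));
        }
        $missing = array();
        foreach (array('secure' => 'Secure', 'httponly' => 'HttpOnly') as $key => $label) {
            if (!in_array($key, $attrs, true)) {
                $missing[] = $label;
            }
        }
        if ($missing) {
            $findings[$name] = $missing;
        }
    }
    return $findings;
}

// Constructed sample headers (cookie names and values are made up).
$sample = array(
    'Set-Cookie: ci_session=abc123; path=/; secure; HttpOnly',
    'Set-Cookie: example_auth=def456; expires=Thu, 08-Jan-2015 21:57:00 GMT; path=/',
    'Set-Cookie: example_pref=1; path=/; Secure',
    'Content-Type: text/html',
);
foreach (audit_set_cookie_headers($sample) as $name => $missing) {
    echo $name . ' is missing: ' . implode(', ', $missing) . PHP_EOL;
}
```

Run against the response headers captured from the login page, any cookie still listed points to a code path that sets it without the two flags.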