ag-auth secure and httponly cookies
We are using ag-auth 2.0.3 for CodeIgniter. We recently went through an audit, and one of the points we got dinged on was cookies without the secure flag set and cookies not flagged for httponly. I managed to set all cookies coming from CodeIgniter as httponly and secure them, but I cannot get ag-auth to cooperate. I tried adding $this->sess_cookie_name, $cookie_data, $expire, $this->cookie_path, $this->cookie_domain, $this->cookie_secure, $this->cookie_httponly to setcookie(), but it seems to just ignore it and the cookies aren't secure or httponly. I'm a sysadmin typically, so the nuances of how to make this work elude me. What am I doing wrong?
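One way to check the audit finding from the server side, as an added example that is not part of the original post and is not ag-auth or CodeIgniter code: it shows where the two flags sit in PHP's setcookie() argument list and reports which Set-Cookie headers still lack them. The function names set_hardened_cookie and audit_set_cookie_headers, the cookie names and the sample headers are all constructed for illustration.

```php
<?php
// Added example: hypothetical helpers, not ag-auth or CodeIgniter code.

// Send a cookie with both flags forced on. In setcookie() the 6th argument
// is $secure and the 7th is $httponly; each is false when omitted, and a
// null or undefined value passed in those positions also counts as false.
function set_hardened_cookie($name, $value, $expire, $path = '/', $domain = '')
{
    return setcookie($name, $value, $expire, $path, $domain, true, true);
}

// Return array(cookie name => missing flags) for a list of raw header lines.
function audit_set_cookie_headers(array $headers)
{
    $findings = array();
    foreach ($headers as $header) {
        if (stripos($header, 'Set-Cookie:') !== 0) {
            continue; // not a cookie header
        }
        $parts = array_map('trim', explode(';', substr($header, strlen('Set-Cookie:'))));
        list($name) = explode('=', array_shift($parts), 2);
        $attrs = array();
        foreach ($parts as $attr) {
            list($key) = explode('=', $attr, 2);
            $attrs[] = strtolower(trim($key)); // attribute names are case-insensitive
        }
        $missing = array();
        if (!in_array('secure', $attrs, true)) {
            $missing[] = 'Secure';
        }
        if (!in_array('httponly', $attrs, true)) {
            $missing[] = 'HttpOnly';
        }
        if ($missing) {
            $findings[$name] = $missing;
        }
    }
    return $findings;
}

// Constructed sample headers; inside a live request pass headers_list() instead.
$sample = array(
    'Content-Type: text/html; charset=UTF-8',
    'Set-Cookie: framework_session=abc123; expires=Wed, 07-Jan-2015 12:26:00 GMT; path=/; secure; HttpOnly',
    'Set-Cookie: auth_library_cookie=abc123; path=/',
);
foreach (audit_set_cookie_headers($sample) as $cookie => $missing) {
    echo $cookie . ' is missing: ' . implode(', ', $missing) . PHP_EOL;
}
```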
Messages In This Thread
ag-auth secure and httponly cookies - by theantioch - 01-07-2015, 10:26 AM
RE: ag-auth secure and httponly cookies - by InsiteFX - 01-07-2015, 09:56 PM