[eluser]Unknown[/eluser]
With the latest version of CI it doesn't appear there's a config setting to turn on the HttpOnly flag. I'm using the built in csrf tokens but also want the token to have the HttpOnly flag set on the cookie. How can this be accomplished? Was the HttpOnly setting missed in the latest release?
Thanks for your help!
