ag-auth secure and httponly cookies

#1
We are using ag-auth 2.0.3 for CodeIgniter. We recently went through an audit and one of the points we got dinged on was cookies without the secure flag set and cookies not flagged for httponly. I managed to set all cookies coming from CodeIgniter as http only and secure them, but I cannot get ag-auth to cooperate. I tried adding

$this->sess_cookie_name,
$cookie_data,
$expire,
$this->cookie_path,
$this->cookie_domain,
$this->cookie_secure,
$this->cookie_httponly

to

setcookie();

But it seems to just ignore it and the cookies aren't secure or httponly. I'm a sysadmin typically, so the nuances of how to make this work elude me. What am I doing wrong?

#2
The cookie is in this method in the ag library.

PHP Code:
private function _generate() 

See the set_cookie at the bottom.
What did you Try? What did you Get? What did you Expect?

Joined CodeIgniter Community 2009.  ( Skype: insitfx )
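
To confirm whether a change like the one discussed above actually reaches the browser, check the `Set-Cookie` response headers themselves. The following is an added example, not part of the thread and not ag-auth or CodeIgniter code: it audits saved response headers and lists every cookie still missing `Secure` or `HttpOnly`. The sample response and the `example_*` cookie names are constructed for illustration.

```python
# Added example: audit Set-Cookie headers for missing Secure / HttpOnly flags.
# SAMPLE_RESPONSE is constructed test data; the example_* cookie names are made up.
SAMPLE_RESPONSE = """\
HTTP/1.1 200 OK
Content-Type: text/html; charset=UTF-8
Set-Cookie: ci_session=constructedvalue; expires=Tue, 01-Jan-2030 00:00:00 GMT; path=/; secure; HttpOnly
Set-Cookie: example_auth_token=abc123; expires=Tue, 01-Jan-2030 00:00:00 GMT; path=/
Set-Cookie: example_pref=dark; path=/; Secure
"""

REQUIRED_FLAGS = ("secure", "httponly")


def parse_set_cookie(header_value):
    """Return (cookie_name, attributes) for one Set-Cookie header value.

    Attribute names are lower-cased because they are case-insensitive.
    """
    parts = [p.strip() for p in header_value.split(";")]
    name = parts[0].split("=", 1)[0].strip()
    attrs = {}
    for part in parts[1:]:
        if not part:
            continue
        key, _, val = part.partition("=")
        attrs[key.strip().lower()] = val.strip()
    return name, attrs


def audit_cookies(raw_headers):
    """Return a list of (cookie_name, [missing flags]) for every offending header."""
    findings = []
    for line in raw_headers.splitlines():
        field, sep, value = line.partition(":")
        # Skip the status line and every header that is not Set-Cookie.
        if not sep or field.strip().lower() != "set-cookie":
            continue
        name, attrs = parse_set_cookie(value)
        missing = [flag for flag in REQUIRED_FLAGS if flag not in attrs]
        if missing:
            findings.append((name, missing))
    return findings


if __name__ == "__main__":
    for cookie, missing in audit_cookies(SAMPLE_RESPONSE):
        print(f"{cookie}: missing {', '.join(missing)}")
```

Run it against headers captured from each page that sets a cookie (login, logout, session refresh), since different code paths can emit the same cookie with different flags.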