Skip to content

Y
yii2
Commit 92e634db by Alexander Makarov
Options

Ability to configure session cookie, httponly by default

parent f69a73ba
Showing with 9 additions and 0 deletions
framework/web/Session.php
...@@ -60,6 +60,13 @@ class Session extends Component implements \IteratorAggregate, \ArrayAccess, \Co ...@@ -60,6 +60,13 @@ class Session extends Component implements \IteratorAggregate, \ArrayAccess, \Co
public $flashVar = '__flash'; public $flashVar = '__flash';
/** /**
* @var array parameter-value pairs to override default session cookie parameters
*/
public $cookieParams = array(
'httponly' => true
);
/**
* Initializes the application component. * Initializes the application component.
* This method is required by IApplicationComponent and is invoked by application. * This method is required by IApplicationComponent and is invoked by application.
*/ */
...@@ -111,6 +118,8 @@ class Session extends Component implements \IteratorAggregate, \ArrayAccess, \Co ...@@ -111,6 +118,8 @@ class Session extends Component implements \IteratorAggregate, \ArrayAccess, \Co
); );
} }
$this->setCookieParams($this->cookieParams);
@session_start(); @session_start();
if (session_id() == '') { if (session_id() == '') {
......
Markdown is supported
0% or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment