Set oc_token to httponly

2012-10-16 13:58:00 +02:00 · 2012-10-16 13:58:00 +02:00 · 50684a5a34
parent f06467b95b
commit 50684a5a34
1 changed files with 1 additions and 1 deletions
--- a/lib/user.php
+++ b/lib/user.php
@ -473,7 +473,7 @@ class OC_User {
 	public static function setMagicInCookie($username, $token) {
 		$secure_cookie = OC_Config::getValue("forcessl", false);
 		setcookie("oc_username", $username, time()+60*60*24*15, '', '', $secure_cookie);
-		setcookie("oc_token", $token, time()+60*60*24*15, '', '', $secure_cookie);
+		setcookie("oc_token", $token, time()+60*60*24*15, '', '', $secure_cookie, true);
 		setcookie("oc_remember_login", true, time()+60*60*24*15, '', '', $secure_cookie);
 	}