# hasn't already been set to the desired value (that causes errors)
ini_set( 'session.save_handler', $wgSessionHandler );
}
- $httpOnlySafe = wfHttpOnlySafe();
+ $httpOnlySafe = wfHttpOnlySafe() && $wgCookieHttpOnly;
wfDebugLog( 'cookie',
'session_set_cookie_params: "' . implode( '", "',
array(
$wgCookiePath,
$wgCookieDomain,
$wgCookieSecure,
- $httpOnlySafe && $wgCookieHttpOnly ) ) . '"' );
- if( $httpOnlySafe && $wgCookieHttpOnly ) {
- session_set_cookie_params( 0, $wgCookiePath, $wgCookieDomain, $wgCookieSecure, $wgCookieHttpOnly );
- } else {
- // PHP 5.1 throws warnings if you pass the HttpOnly parameter for 5.2.
- session_set_cookie_params( 0, $wgCookiePath, $wgCookieDomain, $wgCookieSecure );
- }
+ $httpOnlySafe ) ) . '"' );
+ session_set_cookie_params( 0, $wgCookiePath, $wgCookieDomain, $wgCookieSecure, $httpOnlySafe );
session_cache_limiter( 'private, must-revalidate' );
if ( $sessionId ) {
session_id( $sessionId );
if ( $expire == 0 ) {
$expire = time() + $wgCookieExpiration;
}
- $httpOnlySafe = wfHttpOnlySafe();
+ $httpOnlySafe = wfHttpOnlySafe() && $wgCookieHttpOnly;
wfDebugLog( 'cookie',
'setcookie: "' . implode( '", "',
array(
$wgCookiePath,
$wgCookieDomain,
$wgCookieSecure,
- $httpOnlySafe && $wgCookieHttpOnly ) ) . '"' );
- if( $httpOnlySafe && isset( $wgCookieHttpOnly ) ) {
- setcookie( $wgCookiePrefix . $name,
- $value,
- $expire,
- $wgCookiePath,
- $wgCookieDomain,
- $wgCookieSecure,
- $wgCookieHttpOnly );
- } else {
- // setcookie() fails on PHP 5.1 if you give it future-compat paramters.
- // stab stab!
- setcookie( $wgCookiePrefix . $name,
- $value,
- $expire,
- $wgCookiePath,
- $wgCookieDomain,
- $wgCookieSecure );
- }
+ $httpOnlySafe ) ) . '"' );
+ setcookie( $wgCookiePrefix . $name,
+ $value,
+ $expire,
+ $wgCookiePath,
+ $wgCookieDomain,
+ $wgCookieSecure,
+ $httpOnlySafe );
}
}
return $this->cookies[$name];
}
}
-}
\ No newline at end of file
+}