OJS OCS OMP OHS

You are viewing the PKP Support Forum | PKP Home Wiki



Enabling HTTPOnly Flag for Cookies

Are you responsible for making OJS work -- installing, upgrading, migrating or troubleshooting? Do you think you've found a bug? Post in this forum.

Moderators: jmacgreg, btbell, michael, bdgregg, barbarah, asmecher

Forum rules
The Public Knowledge Project Support Forum is moving to http://forum.pkp.sfu.ca

This forum will be maintained permanently as an archived historical resource, but all new questions should be added to the new forum. Questions will no longer be monitored on this old forum after March 30, 2015.

Enabling HTTPOnly Flag for Cookies

Postby lvlichael » Wed Jan 09, 2013 10:25 am

What is the best method for enabling the HTTPOnly flag for cookies? I have 'session.cookie_httponly = true' in my php.ini file, but I am still not seeing the change reflect in OJS.
lvlichael
 
Posts: 2
Joined: Wed Jan 09, 2013 10:22 am

Re: Enabling HTTPOnly Flag for Cookies

Postby asmecher » Wed Jan 09, 2013 11:18 am

Hi lvlichael,

Could you check that you're using at least PHP 5.2.0? Versions prior to that don't support the HTTPOnly configuration option. Alternately, look into supplying the optional 7th parameter to the setcookie function in lib/pkp/classes/session/SessionManager.inc.php. (Depending on how your web server is configured, you may also need to restart it in order for php.ini changes to take effect.)

Regards,
Alec Smecher
Public Knowledge Project Team
asmecher
 
Posts: 10015
Joined: Wed Aug 10, 2005 12:56 pm

Re: Enabling HTTPOnly Flag for Cookies

Postby lvlichael » Wed Jan 09, 2013 12:47 pm

Thanks, asmecher. Editing it manually into setcookie function worked like charm.
lvlichael
 
Posts: 2
Joined: Wed Jan 09, 2013 10:22 am


Return to OJS Technical Support

Who is online

Users browsing this forum: No registered users and 2 guests