Diffstat (limited to 'includes')
-rw-r--r--includes/session.inc3
1 files changed, 3 insertions, 0 deletions
diff --git a/includes/session.inc b/includes/session.inc
index c9113982f..aae3f29ff 100644
--- a/includes/session.inc
+++ b/includes/session.inc
@@ -163,6 +163,9 @@ function _sess_write($key, $value) {
*/
function drupal_session_regenerate() {
$old_session_id = session_id();
+ extract(session_get_cookie_params());
+ // Set "httponly" to TRUE to reduce the risk of session stealing via XSS.
+ session_set_cookie_params($lifetime, $path, $domain, $secure, TRUE);
session_regenerate_id();
db_update('sessions')
->fields(array(
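Review bot: The HttpOnly flag is applied only inside drupal_session_regenerate(), so a session cookie issued before this function runs (for example when the session is first started) would still be readable from script unless `session.cookie_httponly` is also set where the session is initialised, which this hunk does not show. Separately, `extract(session_get_cookie_params())` creates locals implicitly from whatever keys PHP returns, which hides where `$lifetime`, `$path`, `$domain` and `$secure` come from and could overwrite an existing local such as `$old_session_id` if the key set ever changes. Reading the array explicitly avoids both: `$params = session_get_cookie_params();` then `session_set_cookie_params($params['lifetime'], $params['path'], $params['domain'], $params['secure'], TRUE);`. The function body continues past the end of the hunk, so how the regenerated id is persisted is not reviewed here.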