Browse Source

Added http_only configuration item to session cookie.

Taylor Otwell 13 years ago
parent
commit
ca97abe77f
1 changed files with 1 additions and 1 deletions
  1. 1 1
      system/session.php

+ 1 - 1
system/session.php

@@ -198,7 +198,7 @@ class Session {
 		{
 			$minutes = (Config::get('session.expire_on_close')) ? 0 : Config::get('session.lifetime');
 
-			Cookie::put('laravel_session', static::$session['id'], $minutes, Config::get('session.path'), Config::get('session.domain'), Config::get('session.https'));
+			Cookie::put('laravel_session', static::$session['id'], $minutes, Config::get('session.path'), Config::get('session.domain'), Config::get('session.https'), Config::get('session.http_only'));
 		}
 
 		// 2% chance of performing session garbage collection...