List:       squirrelmail-devel
Subject:    [SM-DEVEL] HttpOnly cookies
From:       "Marc Groot Koerkamp" <marc () squirrelmail ! org>
Date:       2005-10-15 17:01:14
Message-ID: 47901.172.19.3.10.1129395674.squirrel () www ! grootkoerkamp ! net

Hello List,

The idea from Thijs last week is now fully implemented in 1.5.1 CVS.

This means that JavaScript can no longer access the cookies we set in
SquirrelMail if IE6 is the browser.

In order to achieve this I created 2 extra functions, sqsession_start and
sqsetcookie.

sqsetcookie sets the cookie by making use of the header function instead
of the PHP setcookie function. That gave us more freedom and made it
possible to add the extra cookie attribute (HttpOnly).

sqsession_start starts the session with session_start. After that I
rewrite the cookie containing the SQMSESSID value (the session id) with
the sqsetcookie function so that the HttpOnly attribute is also set on
the session id.

I hope everything keeps working (it works for me on IE6 and FF 1.07). If
not, please report it through the proper channels.

Regards,

Marc Groot Koerkamp.
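
The approach described in the message above, sketched as an added example: this is not SquirrelMail's sqsetcookie or sqsession_start code, and the function names and parameters below are hypothetical. It builds the Set-Cookie header by hand so HttpOnly can be appended, then re-issues the session id cookie after session_start().

```php
<?php
// Added illustration; hypothetical names, not SquirrelMail's implementation.

/** Build a Set-Cookie header value that carries the HttpOnly attribute. */
function build_httponly_cookie(string $name, string $value, int $expires = 0,
                               string $path = '/', string $domain = '',
                               bool $secure = false): string
{
    // Reject separators and whitespace that are illegal in a cookie name
    // or that could split the header line.
    if ($name === '' || preg_match('/[=,;\s]/', $name)) {
        throw new InvalidArgumentException('invalid cookie name');
    }
    if (preg_match('/[;\r\n]/', $path . $domain)) {
        throw new InvalidArgumentException('invalid path or domain');
    }
    $cookie = $name . '=' . rawurlencode($value);
    if ($expires > 0) {
        $cookie .= '; expires=' . gmdate('D, d-M-Y H:i:s', $expires) . ' GMT';
    }
    if ($path !== '')   { $cookie .= '; path=' . $path; }
    if ($domain !== '') { $cookie .= '; domain=' . $domain; }
    if ($secure)        { $cookie .= '; secure'; }
    return $cookie . '; HttpOnly';
}

/** Send the cookie with header() instead of setcookie(). */
function send_httponly_cookie(string $name, string $value, int $expires = 0,
                              string $path = '/', string $domain = '',
                              bool $secure = false): void
{
    if (headers_sent()) {
        throw new RuntimeException('headers already sent');
    }
    // replace=false appends, so Set-Cookie headers for other cookies survive.
    header('Set-Cookie: ' . build_httponly_cookie(
        $name, $value, $expires, $path, $domain, $secure), false);
}

/** Start the session, then re-issue the session id cookie with HttpOnly. */
function start_session_httponly(): void
{
    session_start();
    $p = session_get_cookie_params();
    $expires = $p['lifetime'] > 0 ? time() + $p['lifetime'] : 0;
    // The browser keeps the later of the two cookies with the same name.
    send_httponly_cookie(session_name(), session_id(), $expires,
                         $p['path'], $p['domain'], (bool) $p['secure']);
}
```

PHP 5.2 and later accept an httponly argument to setcookie() and a session.cookie_httponly ini setting, so the hand-built header is only needed on older versions.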


