Hallo,Our services must pass a scan test.Nikto say:+ GET Cookie SQMSESSID
created without the httponly flagI have not found a config option.I found
following function:# vi ./functions/global.php 589 function
sqsetcookie($sName, $sValue='deleted', $iExpire=0, $sPath="",$sDomain="",
590 $bSecure=false, $bHttpOnly=true, $bReplace=false) {But
all calls use only 4 options (example): 663
sqsetcookie(session_name(), session_id(), 0, $base_uri);I have tried following
changes, but without success:# diff ./functions/global.php.org
./functions/global.php590c590 $bSecure=true,
$bHttpOnly=true, $bReplace=false) {Howto create Cookie with httponly
flag?Regards Heimo.SquirrelMail version 1.5.1
--
Schon gewusst?! Neben dem E-Mail-Postfach bietet freenet.de auch eine
INTEGRIERTE CLOUD-LĂ–SUNG MIT 3 GB SPEICHER und das alles KOMPLETT
KOSTENFREI.
https://email.freenet.de/index.html
[https://email.freenet.de/index.html?utm_medium=Mail%20Basic&utm_source=Mailfooter&utm_campaign=Footer%20A&epid=e9900000927&utm_content=Link]
------------------------------------------------------------------------------
Check out the vibrant tech community on one of the world's most
engaging tech sites, Slashdot.org! http://sdm.link/slashdot
-----
squirrelmail-users mailing list
Posting guidelines: http://squirrelmail.org/postingguidelines
List address: squirrelmail-users@lists.sourceforge.net
List archives: http://news.gmane.org/gmane.mail.squirrelmail.user
List info (subscribe/unsubscribe/change options):
https://lists.sourceforge.net/lists/listinfo/squirrelmail-users
