On 2018年04月24日 13:01, hlmo...@freenet.de wrote:
>
> Hallo,
>
> Our services must pass a scan test.
> Nikto say:
>
> + GET Cookie SQMSESSID created without the httponly flag
>
> I have not found a config option.
>
> I found following function:
>
> # vi ./functions/global.php
> 589 function sqsetcookie($sName, $sValue='deleted', $iExpire=0,
> $sPath="", $sDomain="",
> 590 $bSecure=false, $bHttpOnly=true,
> $bReplace=false) {
>
> But all calls use only 4 options (example):
> 663 sqsetcookie(session_name(), session_id(), 0, $base_uri);
>
> I have tried following changes, but without success:
>
> # diff ./functions/global.php.org ./functions/global.php
> 590c590
> $bSecure=true, $bHttpOnly=true, $bReplace=false) {
>
> Howto create Cookie with httponly flag?
>
> Regards Heimo.
>
>
> SquirrelMail version 1.5.1
I believe I already replied to this.
--
Paul Lesniewski
SquirrelMail Team
Please support Open Source Software by donating to SquirrelMail!
http://squirrelmail.org/donate_paul_lesniewski.php
------------------------------------------------------------------------------
Check out the vibrant tech community on one of the world's most
engaging tech sites, Slashdot.org! http://sdm.link/slashdot
-----
squirrelmail-users mailing list
Posting guidelines: http://squirrelmail.org/postingguidelines
List address: squirrelmail-users@lists.sourceforge.net
List archives: http://news.gmane.org/gmane.mail.squirrelmail.user
List info (subscribe/unsubscribe/change options):
https://lists.sourceforge.net/lists/listinfo/squirrelmail-users
