Skip to content

Commit

Permalink
Session now respects the http_only config option (#13825)
Browse files Browse the repository at this point in the history
  • Loading branch information
@ddmills @taylorotwell
ddmills authored and taylorotwell committed Jun 2, 2016
1 parent c9d9748 commit bf05d24
Showing 1 changed file with 2 additions and 1 deletion.
3 changes: 2 additions & 1 deletion src/Illuminate/Session/Middleware/StartSession.php
View file
Original file line number Diff line number Diff line change
Expand Up @@ -180,7 +180,8 @@ protected function addCookieToResponse(Response $response, SessionInterface $ses
if ($this->sessionIsPersistent($config = $this->manager->getSessionConfig())) {
$response->headers->setCookie(new Cookie(
$session->getName(), $session->getId(), $this->getCookieExpirationDate(),
$config['path'], $config['domain'], Arr::get($config, 'secure', false)
$config['path'], $config['domain'], Arr::get($config, 'secure', false),
Arr::get($config, 'http_only', true)
));
}
}
Expand Down

0 comments on commit bf05d24

Please sign in to comment.