Added http_only option to session configuration.

db45be96 · Taylor Otwell · d6e1d542 · db45be96
Commit db45be96 authored Jul 22, 2011 by Taylor Otwell
Show whitespace changes
Inline Side-by-side

Showing with 17 additions and 1 deletions

application/config/session.php
+17 -1

No files found.
--- a/application/config/session.php
+++ b/application/config/session.php
@@ -16,7 +16,7 @@ return array(
 	|
 	*/
-	'driver' => '',
+	'driver' => 'file',
 	/*
 	|--------------------------------------------------------------------------
@@ -86,4 +86,19 @@ return array(
 	'https' => false,
+	/*
+	|--------------------------------------------------------------------------
+	| HTTP Only Session Cookie
+	|--------------------------------------------------------------------------
+	|
+	| Should the session cookie only be accessible over HTTP?
+	|
+	| Note: The intention of the "HTTP Only" option is to keep cookies from
+	|       being accessed by client-side scripting languages. However, this
+	|       setting should not be viewed as providing total XSS protection.
+	|
+	*/
+	'http_only' => false,
 );
\ No newline at end of file