// session_starts sets the sessionid cookie buth without the httponly var
// setting the cookie again sets the httponly cookie attribute
// session_starts sets the sessionid cookie buth without the httponly var
// setting the cookie again sets the httponly cookie attribute
-
- sqsetcookie(session_name(),session_id(),false,$base_uri);
+ sqsetcookie(session_name(),$session_id,false,$base_uri);
-function sqsetcookie($sName,$sValue="",$iExpire=0,$sPath="",$sDomain="",$bSecure=false,$bHttpOnly=true) {
+function sqsetcookie($sName,$sValue="deleted",$iExpire=0,$sPath="",$sDomain="",$bSecure=false,$bHttpOnly=true) {
// if we have a secure connection then limit the cookies to https only.
if ($sName && isset($_SERVER['HTTPS']) && $_SERVER['HTTPS']) {
$bSecure = true;
}
// if we have a secure connection then limit the cookies to https only.
if ($sName && isset($_SERVER['HTTPS']) && $_SERVER['HTTPS']) {
$bSecure = true;
}
if (false && check_php_version(5,2)) {
// php 5 supports the httponly attribute in setcookie, but because setcookie seems a bit
// broken we use the header function for php 5.2 as well. We might change that later.
if (false && check_php_version(5,2)) {
// php 5 supports the httponly attribute in setcookie, but because setcookie seems a bit
// broken we use the header function for php 5.2 as well. We might change that later.
$Port = strpos($Domain, ':');
if ($Port !== false) $Domain = substr($Domain, 0, $Port);
}
$Port = strpos($Domain, ':');
if ($Port !== false) $Domain = substr($Domain, 0, $Port);
}
header('Set-Cookie: ' . rawurlencode($sName) . '=' . rawurlencode($sValue)
. (empty($iExpires) ? '' : '; expires=' . gmdate('D, d-M-Y H:i:s', $iExpires) . ' GMT')
. (empty($sPath) ? '' : '; path=' . $sPath)
header('Set-Cookie: ' . rawurlencode($sName) . '=' . rawurlencode($sValue)
. (empty($iExpires) ? '' : '; expires=' . gmdate('D, d-M-Y H:i:s', $iExpires) . ' GMT')
. (empty($sPath) ? '' : '; path=' . $sPath)