http://php.net/manual/en/function.setcookie.php
see 6th argument to setcookie.
It saves session with Encryption and using md5 but still security softwares objects your website because
non secure session.
I was searching for a while do it good way, but didnt find it, so I came up with this hack.
In CI_HOME/system/libraries/Session.php
Basically CI passes $secure = 0 as a hardcoded argument to setcookie function.
I set this value to 1. one can write some more code to make it configurable thru CI config file.
With $secure=1, Session cookie wont be saved for domains accessed with http://urdomain.com
it only works with https://urdomain.com
Let me know if its issue or better way doing this.
All the best.
No comments:
Post a Comment