8 Dec
2008
8 Dec
'08
3:42 p.m.
User: goba Branch: DRUPAL-6 Date: Mon, 08 Dec 2008 14:42:30 +0000 Modified files: /includes session.inc Log message: #280934 follow up by pwolanin: harden the cookie handling in sess_regenerate() by setting our session cookie to be an HTTP only cookie, thus reducing the risk of session stealing via XSS Links: http://cvs.drupal.org/diff.php?path=drupal/includes/session.inc&old=1.44.2.4...