10 Dec
2008
10 Dec
'08
7:09 p.m.
User: drumm Branch: DRUPAL-5 Date: Wed, 10 Dec 2008 18:09:54 +0000 Modified files: /includes session.inc Log message: #280934 follow up by pwolanin: harden the cookie handling in sess_regenerate() by setting our session cookie to be an HTTP only cookie, thus reducing the risk of session stealing via XSS Links: http://cvs.drupal.org/diff.php?path=drupal/includes/session.inc&old=1.37.2.5...