 |
I think you must use 'enableCookieValidation'=>true in application/config/config.php But after we must update LS core to use Yii::app()->request->cookies and noy $_COOKIES ;) add secure true don't prevent Cookie Attack For cookie in secure mode: we only need/want it if https is set to allow or force. |
|
|
You can set secure cookies manually in config.php: 'session' => array( 'cookieMode' => 'allow', 'cookieParams' => array( 'httpOnly' => true, 'secure' => true, ), ), And you can set enableCookieValidation to true too. 'request' => array( 'class'=>'LSHttpRequest', 'noCsrfValidationRoutes'=>array( 'remotecontrol' ), 'enableCsrfValidation'=>true, // CSRF protection 'enableCookieValidation'=>true // Enable to activate cookie protection ), [EDIT] remove domain and path cookie param |
|
|
Move it to documentation because it can be done in config.php. Maybe some secure true if SSL is set to force. |
 |
Thank you, works as expected with this code added to config.php. Much better solution than changing Yii core. |
|
|
For other user information : enableCookieValidation'=>true work good too ? Denis |
|
|
Unfortunately those settings do not work in my example. |
|
|
http://manual.limesurvey.org/Optional_settings#Session_settings |
|
|
Doc updated , maybe not the best place. But it's here. |
- Anonymous
