Not a bug  HttpOnly?

OhJames

New member
Hello

Why is HttpOnly send lower-case (httponly) and not as HttpOnly?
This is an issue for us as our framework is ignoring lowercase httponly cookies as "not well formatted"

Thanks

James
 

OhJames

New member
Thanks for the reply.

Is there any way to disable httponly using config.php?
Something like
$config['cookie']['httponly'] = 'false';
Found a way to disable it direct in the code (setcookie in session.php), but it would be nice if there would be a way directly in the config file
thanks
 

Mike

XenForo developer
Staff member
I think you'll have to continue with code changes for it - it's a reasonable security feature so I don't see any reason to allow it to be disabled. You'd run into your issue with any PHP app that uses it (that doesn't write its own cookie sending function).
 
Top