make session cookies http only

[cgilite] / session.sh

diff --git a/session.sh b/session.sh
index 27693289adfe4d2163ef435a7cdf30a81e9d40e2..3f3839ae8b167975a5e5231582509c5484d1f025 100755 (executable)
--- a/session.sh
+++ b/session.sh
@@ -64,5 +64,5 @@ update_session(){
 }
 
 SESSION_ID="$(update_session)"
-SET_COOKIE 0 "session=$SESSION_ID"
+SET_COOKIE 0 "session=$SESSION_ID" HttpOnly
 SESSION_ID="${SESSION_ID%%-*}"