diff --git a/public/include/config/global.inc.dist.php b/public/include/config/global.inc.dist.php
index 1cf894bf..33aa1151 100644
--- a/public/include/config/global.inc.dist.php
+++ b/public/include/config/global.inc.dist.php
@@ -349,16 +349,43 @@ $config['memcache']['splay'] = 15;
 /**
  * Cookie configiration
  *
- * For multiple installations of this cookie change the cookie name
+ * You can configure the cookie behaviour to secure your cookies more than the PHP defaults
+ *
+ * For multiple installations of mmcfe-ng on the same domain you must change the cookie
+ * path or change the cookie name to avoid conflicts.
+ *
+ * Description
+ * duration: the amount of time, in seconds, that a cookie should persist in the users
+ * browser. 0 = until closed; 1440 = 24 minutes.
+ *
+ * domain: the only domain name that may access this cookie in the browser
+ *
+ * path: the highest path on the domain that can access this cookie; i.e. if running
+ * two pools from a single domain you might set the path /ltc/ and /ftc/ to
+ * separate user session cookies between the two.
+ *
+ * httponly: marks the cookie as accessible only through the HTTP protocol. The cookie
+ * can't be accessed by scripting languages, such as JavaScript. This can
+ * help to reduce identity theft through XSS attacks in most browsers.
+ *
+ * secure: marks the cookie as accessible only through the HTTPS protocol. If you're
+ * using SSL this will stop a user accidently accessing the site without SSL
+ * and exposing their session cookie.
  *
  * Default:
- * path = '/'
- * name = 'POOLERCOOKIE'
- * domain = ''
+ * duration = '1440'
+ * domain = ''
+ * path = '/'
+ * name = 'POOLERCOOKIE'
+ * httponly = true
+ * secure = false
  **/
+$config['cookie']['duration'] = '1440';
+$config['cookie']['domain'] = '';
 $config['cookie']['path'] = '/';
 $config['cookie']['name'] = 'POOLERCOOKIE';
-$config['cookie']['domain'] = '';
+$config['cookie']['httponly'] = true;
+$config['cookie']['secure'] = false;
 
 /**
  * Enable or disable the Smarty cache
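Review bot: `$config['cookie']['duration'] = '1440';` stores the lifetime as a string although the new docblock describes it as a number of seconds and the neighbouring new keys (`httponly`, `secure`) are native booleans; `session_set_cookie_params()` and `setcookie()` take an integer lifetime, so `$config['cookie']['duration'] = 1440;` together with `duration = 1440` in the Default list would be the consistent form. The code that consumes these keys is outside this hunk, so whether the string is coerced or rejected there cannot be confirmed from here. The `secure = false` default means the session cookie is also sent over plain HTTP until an operator changes it; a short hint beside that assignment, such as `// set to true whenever the pool is served over HTTPS`, would make the safer setting easier to spot than the prose further up. Minor: `accidently` in the secure description should read `accidentally`.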