From 92e634db66272b6151392dbef74c1a40baa8437c Mon Sep 17 00:00:00 2001
From: Alexander Makarov
Date: Fri, 29 Mar 2013 22:54:45 +0400
Subject: [PATCH] Ability to configure session cookie, httponly by default
---
 framework/web/Session.php | 9 +++++++++
 1 file changed, 9 insertions(+)
diff --git a/framework/web/Session.php b/framework/web/Session.php
index 3e0f599..4c0505f 100644
--- a/framework/web/Session.php
+++ b/framework/web/Session.php
@@ -60,6 +60,13 @@ class Session extends Component implements \IteratorAggregate, \ArrayAccess, \Co
 public $flashVar = '__flash';
 /**
+ * @var array parameter-value pairs to override default session cookie parameters
+ */
+ public $cookieParams = array(
+ 'httponly' => true
+ );
+
+ /**
 * Initializes the application component.
 * This method is required by IApplicationComponent and is invoked by application.
 */
@@ -111,6 +118,8 @@ class Session extends Component implements \IteratorAggregate, \ArrayAccess, \Co
 );
 }
+ $this->setCookieParams($this->cookieParams);
+
 @session_start();
 if (session_id() == '') {
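Review bot: The `httponly` default in `$cookieParams` holds only while the application leaves the property alone: a component config that sets `cookieParams` to, say, `array('secure' => true)` presumably replaces the whole array, and the call added in the second hunk then passes it on without `httponly`. `setCookieParams()` is not visible here, so what it falls back to is unconfirmed; if it merges over `session_get_cookie_params()`, the fallback is `session.cookie_httponly` from php.ini, which is off unless the deployment enables it. Merging the default at the call site would keep it: `$this->setCookieParams(array_merge(array('httponly' => true), $this->cookieParams));`. The docblock should also list the accepted keys (`lifetime`, `path`, `domain`, `secure`, `httponly`) and say that `secure` should be set to `true` on HTTPS-only sites, since this default does not enable it.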