another best practice

git-svn-id: http://dev.piwik.org/svn/trunk@3711 59fd770c-687e-43c8-a1e3-f5a4ff64c105
author: robocoder <anthon.pang@gmail.com> 2011-01-12 04:39:59 +0300
committer: robocoder <anthon.pang@gmail.com> 2011-01-12 04:39:59 +0300
commit: 02531f1e908aafc1754b90e5d476e02e3d65a223 (patch)
tree: 98fcd20ed9ff8452b3054f553161fd3f6cfe8caf /plugins/Login
parent: b18bf7ab4fd66433cc26ba3bd63ddfeb20e70cc6 (diff)
1 files changed, 1 insertions, 0 deletions
diff --git a/plugins/Login/Login.php b/plugins/Login/Login.php
index 5f43361f76..f4e23f56ee 100644
--- a/plugins/Login/Login.php
+++ b/plugins/Login/Login.php
@@ -133,6 +133,7 @@ class Piwik_Login extends Piwik_Plugin
 		$cookie->set('login', $login);
 		$cookie->set('token_auth', $auth->getHashTokenAuth($login, $authResult->getTokenAuth()));
 		$cookie->setSecure(Piwik::isHttps());
+		$cookie->setHttpOnly(true);
 		$cookie->save();
 
 		Piwik_Session::regenerateId();
author	robocoder <anthon.pang@gmail.com>	2011-01-12 04:39:59 +0300
committer	robocoder <anthon.pang@gmail.com>	2011-01-12 04:39:59 +0300
commit	02531f1e908aafc1754b90e5d476e02e3d65a223 (patch)
tree	98fcd20ed9ff8452b3054f553161fd3f6cfe8caf /plugins/Login
parent	b18bf7ab4fd66433cc26ba3bd63ddfeb20e70cc6 (diff)