MyBB Community Forums

MyBB Community Forums > Community Archive > Archived Forums > Archived Development and Support > MyBB 1.6 > 1.6 General Support > ...
Full Version: ...
You're currently viewing a stripped down version of our content. View the full version with proper formatting.
Pages: 1 2

pyridine

2011-11-27, 08:17 PM
You can put this at the beginning of global.php:
ini_set('session.cookie_httponly', true);
It will only allow access to the session id via the HTTP protocol (Hence, JS won't be able to touch it.) but keep in mind it isn't supported in all browsers.
Pages: 1 2
MyBB Community Forums > Community Archive > Archived Forums > Archived Development and Support > MyBB 1.6 > 1.6 General Support > ...