From f0f0f2ff8ebf103766b1b26ae80097cc67b55096 Mon Sep 17 00:00:00 2001
From: HB9HIL <fabian.berg@hb9hil.org>
Date: Thu, 11 Jul 2024 17:43:31 +0200
Subject: [PATCH] add httponly to cookie settings

---
 application/controllers/User.php | 3 ++-
 1 file changed, 2 insertions(+), 1 deletion(-)

diff --git a/application/controllers/User.php b/application/controllers/User.php
index 362eb407b..da470bacb 100644
--- a/application/controllers/User.php
+++ b/application/controllers/User.php
@@ -881,7 +881,8 @@ class User extends CI_Controller {
 						'name'   => 'keep_login',
 						'value'  => $encrypted_string,
 						'expire' => '2592000',  // 30 days
-						'secure' => TRUE
+						'secure' => TRUE,
+						'httponly' => TRUE
 					);
 					$this->input->set_cookie($cookie);
 				}