From b29ef818d9853f86889ced60b3d7bcc4a4afe4ec Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Michal=20=C4=8Ciha=C5=99?= <michal@cihar.com>
Date: Thu, 21 Jan 2010 13:01:27 +0000
Subject: [PATCH] Properly initialize session cookie params.

This was mistakenly commented out. We can also use httponly parameter
instead of injecting it manually because PHP >= 5.2.0 supports it.
---
 libraries/session.inc.php | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/libraries/session.inc.php b/libraries/session.inc.php
index ee370eb0b..c4b59271c 100644
--- a/libraries/session.inc.php
+++ b/libraries/session.inc.php
@@ -31,8 +31,8 @@ if (!@function_exists('session_name')) {
 //ini_set('session.auto_start', 0);
 
 // session cookie settings
-//session_set_cookie_params(0, PMA_Config::getCookiePath() . '; HttpOnly',
-//    '', PMA_Config::isHttps());
+session_set_cookie_params(0, $GLOBALS['PMA_Config']->getCookiePath(),
+    '', $GLOBALS['PMA_Config']->isHttps(), true);
 
 // cookies are safer (use @ini_set() in case this function is disabled)
 @ini_set('session.use_cookies', true);