Author: ekb87ds02
Description:
There's a setting, $wfCookieSecure, that determines whether the cookies used by
mediawiki are supposed to be https only. This setting is not honored for the
session cookie. The interface to do that is new in PHP 4.2.0; as mediawiki now
requires PHP 5, it can be enabled.
Note that there is a similar bug 4731 for the httponly parameter, but that is
new in PHP 5.2 so it might be undesirable to enable that.
See also
http://www.php.net/manual/en/function.session-set-cookie-params.php
Version: unspecified
Severity: normal
OS: Windows XP
Platform: PC