From b4f0cf7a38a94a4e67e05ed8a11e2736e56d7940 Mon Sep 17 00:00:00 2001
From: Pierre Rudloff <contact@rudloff.pro>
Date: Mon, 3 Jul 2017 10:35:28 +0200
Subject: [PATCH] Use HttpOnly session cookies

---
 classes/LocaleManager.php | 1 +
 1 file changed, 1 insertion(+)

diff --git a/classes/LocaleManager.php b/classes/LocaleManager.php
index d822588..9c9ce9d 100644
--- a/classes/LocaleManager.php
+++ b/classes/LocaleManager.php
@@ -40,6 +40,7 @@ class LocaleManager
     {
         $session_factory = new \Aura\Session\SessionFactory();
         $session = $session_factory->newInstance($cookies);
+        $session->setCookieParams(['httponly' => true]);
         $this->sessionSegment = $session->getSegment('Alltube\LocaleManager');
         $cookieLocale = $this->sessionSegment->get('locale');
         if (isset($cookieLocale)) {