From 218b37df455f11a8bdb0a1069261f3d5fb6d69f5 Mon Sep 17 00:00:00 2001
From: Ad Schellevis <ad@opnsense.org>
Date: Sun, 16 Jul 2017 11:55:47 +0200
Subject: [PATCH] login, cookies. set secure; HttpOnly on test_cookie as well
 to avoid false positives on pci scan

---
 src/etc/inc/authgui.inc | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/src/etc/inc/authgui.inc b/src/etc/inc/authgui.inc
index 05695a910..a16c539f8 100644
--- a/src/etc/inc/authgui.inc
+++ b/src/etc/inc/authgui.inc
@@ -384,7 +384,7 @@ function display_login_form($Login_Error = '')
             }
         }
     }
-    setcookie("cookie_test", time() + 3600);
+    setcookie("cookie_test", time() + 3600 ,  time() + 3600, '/', null, $config['system']['webgui']['protocol'] == "https", true);
     $have_cookies = isset($_COOKIE["cookie_test"]);
 
 ?><!doctype html>