From e7ae0845d842154c0a161b4573d6de5354533b98 Mon Sep 17 00:00:00 2001
From: "Fedor A. Fetisov" <faf@ossg.ru>
Date: Fri, 13 Sep 2013 15:56:06 +0400
Subject: [PATCH] Set PHPSESSID cookie as HTTP-only

---
 src/messenger/webim/libs/common.php | 5 +++--
 1 file changed, 3 insertions(+), 2 deletions(-)

diff --git a/src/messenger/webim/libs/common.php b/src/messenger/webim/libs/common.php
index 050eef9d..d9692afe 100644
--- a/src/messenger/webim/libs/common.php
+++ b/src/messenger/webim/libs/common.php
@@ -16,8 +16,7 @@
  */
 
 @ini_set('open_basedir', dirname(__FILE__) . '/../');
-
-session_start();
+@ini_set('session.cookie_httponly', TRUE);
 
 require_once(dirname(__FILE__) . '/converter.php');
 require_once(dirname(__FILE__) . '/config.php');
@@ -35,6 +34,8 @@ $home_locale = locale_pattern_check($home_locale) && locale_exists($home_locale)
 $version = '1.6.5';
 $jsver = "165";
 
+session_start();
+
 function myiconv($in_enc, $out_enc, $string)
 {
 	global $_utf8win1251, $_win1251utf8;