Fixes phalcon#13464: httpOnly is no longer initialised with a value

CameronHall · Dec 24, 2018 · 2385c36 · 2385c36
1 parent 80ced23
commit 2385c36
Show file tree

Hide file tree

Showing 2 changed files with 3 additions and 2 deletions.
diff --git a/CHANGELOG-4.0.md b/CHANGELOG-4.0.md
@@ -97,6 +97,7 @@
     - the `Phalcon\Session\Bag` using the name `sessionBag` 
   [#12921](https://github.com/phalcon/cphalcon/issues/12921)
 - Changed the `Phalcon\Session` namespace by refactoring the component. `Phalcon\Session\Manager` is now the single component offering session manipulation by using adapters. Each adapter implements PHP's `SessionHandlerInterface`. Available adapters are `Phalcon\Session\Files`, `Phalcon\Session\Libmemcached`, `Phalcon\Session\Noop` and `Phalcon\Session\Redis`.  [#12921](https://github.com/phalcon/cphalcon/issues/12833), (https://github.com/phalcon/cphalcon/issues/11341), (https://github.com/phalcon/cphalcon/issues/13535)
+- Changed `Phalcon\Http\Cookie`, `httpOnly` is no longer initialised with a value [#13464](https://github.com/phalcon/cphalcon/issues/13464)
 
 ## Removed
 - PHP < 7.2 no longer supported
@@ -147,4 +148,4 @@
 - Removed calling `Phalcon\Mvc\Collection::validate` with object of type `Phalcon\Mvc\Model\ValidatorInterface`
 
 ## Fixed
-- Fixed `Phalcon\Mvc\Models` magic method (setter) is fixed for arrays  [#13661](https://github.com/phalcon/cphalcon/issues/13661)
+- Fixed `Phalcon\Mvc\Models` magic method (setter) is fixed for arrays  [#13661](https://github.com/phalcon/cphalcon/issues/13661)
diff --git a/phalcon/http/cookie.zep b/phalcon/http/cookie.zep
@@ -57,7 +57,7 @@ class Cookie implements CookieInterface, InjectionAwareInterface
 
 	protected _secure;
 
-	protected _httpOnly = true;
+	protected _httpOnly;
 
 	/**
 	 * The cookie's sign key.