* Make setting of HttpOnly flag more explicit.
authorRuediger Pluem <rpluem@apache.org>
Tue, 27 May 2008 15:49:30 +0000 (15:49 +0000)
committerRuediger Pluem <rpluem@apache.org>
Tue, 27 May 2008 15:49:30 +0000 (15:49 +0000)
git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@660566 13f79535-47bb-0310-9956-ffa450edef68

docs/manual/mod/mod_rewrite.xml
modules/mappers/mod_rewrite.c

index c995ab82f25c9b6c93c6db8f1f7b2f60fb64c24e..c9e4fa0af152b9a9f856229c01925274fa6994d1 100644 (file)
@@ -1260,7 +1260,7 @@ cannot use <code>$N</code> in the substitution string!
         is the lifetime of the cookie in minutes, and the optional 
         <em>path</em> is the path of the cookie. If <em>secure</em>
         is set to 'true' or '1', the cookie is only transmitted via secured
-        connections. If <em>httponly</em> is set to any string, the
+        connections. If <em>httponly</em> is set to 'true' or '1', the
         <code>HttpOnly</code> flag is used, making the cookie inaccessible
         to JavaScript code on browsers that support this feature.</dd>
 
index 91d2a69090e91418640bafb0d74699596478fc23..4abf898db624decbb5a901d75e45df36e0d2c00f 100644 (file)
@@ -2492,10 +2492,12 @@ static void add_cookie(request_rec *r, char *s)
                                  "; domain=", domain,
                                  expires ? "; expires=" : NULL,
                                  expires ? exp_time : NULL,
-                                 secure ? ((strcasecmp(secure, "true") == 0
-                                           || strcasecmp(secure, "1") == 0) ?
-                                           "; secure" : NULL) : NULL,
-                                 httponly ? "; HttpOnly" : NULL, 
+                                 (secure && (!strcasecmp(secure, "true")
+                                             || !strcasecmp(secure, "1"))) ?
+                                  "; secure" : NULL,
+                                 (httponly && (!strcasecmp(httponly, "true")
+                                               || !strcasecmp(httponly, "1"))) ?
+                                  "; HttpOnly" : NULL,
                                  NULL);
 
             apr_table_addn(rmain->err_headers_out, "Set-Cookie", cookie);
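Review bot: The `NULL` in the false branch of the new `secure` and `httponly` conditionals can cut the cookie string short, if this argument list belongs to apr_pstrcat (the call opens above the hunk), which stops concatenating at the first NULL argument. In that case a rule with secure set to 'false' and httponly set to 'true' would be sent without `HttpOnly`, because the `secure` expression evaluates to NULL first. Yielding an empty string keeps the later arguments: `"; secure" : "",` and `"; HttpOnly" : "",`, and the two `expires` context lines would need the same treatment. Separately, a rule whose httponly field holds any value other than 'true' or '1' used to set the flag and now silently loses it; a log line when the field is present but unrecognised would make that visible after an upgrade.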