diff --git a/LibreNMS/Config.php b/LibreNMS/Config.php
index 7df867c0bd..0a779b5bc0 100644
--- a/LibreNMS/Config.php
+++ b/LibreNMS/Config.php
@@ -442,10 +442,6 @@ class Config
 self::set('email_from', '"' . self::get('project_name') . '" <' . self::get('email_user') . '@' . php_uname('n') . '>');
 }
 
- if (self::get('secure_cookies')) {
- ini_set('session.cookie_secure', 1);
- }
-
 // If we're on SSL, let's properly detect it
 if (isset($_SERVER['HTTPS'])) {
 self::set('base_url', preg_replace('/^http:/', 'https:', self::get('base_url')));
diff --git a/doc/General/Security.md b/doc/General/Security.md
index 83b1c0fcac..095269a6ee 100644
--- a/doc/General/Security.md
+++ b/doc/General/Security.md
@@ -13,9 +13,6 @@ a firewall or VPN.
 It is also highly recommended that the Web interface is protected with an SSL certificate such as ones provided by [LetsEncrypt](http://www.letsencrypt.org).
 
-When using HTTPS, it is recommended that you use secure, encrypted cookies to prevent session
-hijacking attacks. Set ``$config['secure_cookies'] = true;`` in ``config.php`` to enable these.
-
 Please ensure you keep your install [up to date](Updating.md).
 
 ### Reporting vulnerabilities
diff --git a/includes/defaults.inc.php b/includes/defaults.inc.php
index f81d4e78e8..bf4931015a 100644
--- a/includes/defaults.inc.php
+++ b/includes/defaults.inc.php
@@ -988,13 +988,6 @@ $config['xirrus_disable_stations'] = false;
 // Graphite default port
 $config['graphite']['port'] = 2003;
 
-// Whether to enable secure cookies. Setting this to true enable secure cookies
-// and only send them over HTTPS. Setting this to false will send cookies over
-// HTTP and HTTPS, but they will be insecure. Setting this to $_SERVER["HTTPS"]
-// will send secure cookies when the site is being accessed over HTTPS, and
-// send insecure cookies when the site is being accessed over HTTP.
-$config['secure_cookies'] = isset($_SERVER["HTTPS"]) ? $_SERVER["HTTPS"] : false;
-
 // API config
 $config['api']['cors']['enabled'] = false;
 $config['api']['cors']['origin'] = '*';