BuddyPress httponly – session.cookie_httponly, bp-custom.php


Post #15009 by AITpro Admin (Keymaster)

Adding ini_set('session.cookie_httponly','On'); code to your wp-config.php file does not work for BuddyPress. You instead need to create a bp-custom.php file (if you have not already created this file), add the code below at the top of your bp-custom.php file and upload bp-custom.php to the root of your /plugins/ folder. It is possible this code would work in your theme's functions.php file, but the bp-custom.php file is loaded first/early in the BuddyPress loading process. One thing I am not 100% sure of is whether an isset check needs to happen for session_start, i.e. if ( isset( $_COOKIE["PHPSESSID"] ) ) {. If a problem arises in the future then this code will be updated with that solution.

IMPORTANT NOTE: Unless your entire site is SSL then do NOT set session.cookie_secure to On. Even then, use extreme caution as this will probably break anything that is using SESSION. If you are seeing PHP errors for lost MySQL DB connections then set this to Off. If SESSION is malfunctioning in another plugin or something else you have installed on your website then set this to Off. Setting this to On may also cause a slight decrease in page load speeds.

<?php
// bp-custom.php: the ini_set() calls below only take effect if they run before session_start().
session_cache_limiter('private, must-revalidate');
ini_set('session.cookie_httponly','On');  // session cookie is not readable from document.cookie
ini_set('session.cookie_secure','On');    // see IMPORTANT NOTE above: only when the whole site is SSL
ini_set('session.use_only_cookies','On'); // ignore session ids passed in the URL
// session_start() MUST come after ini_set() functions.
session_start();

Source: http://codex.buddypress.org/plugindev/bp-custom-php/

bp-custom.php is a file that resides in your WordPress 'plugins' folder where you can add a bunch of custom code hacks and modifications to BuddyPress.

bp-custom.php is often compared to your theme's functions.php file.

However, there are two primary differences between bp-custom.php and your theme's functions.php.

First, bp-custom.php runs from the /wp-content/plugins/ folder and is therefore independent from your theme. This is useful for adding code snippets that are BuddyPress-specific. Also, this code will always load regardless of what theme you are using.
Secondly, bp-custom.php runs early in the BuddyPress-loading process. This allows you to override various settings in BuddyPress.
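The following is an added example of a bp-custom.php that applies the same cookie hardening the post describes; it is not the post's own code and not part of BuddyPress or BulletProof Security. It assumes PHP 7.3 or newer (for the array form of session_set_cookie_params() and the samesite key) and WordPress's is_ssl() being available when bp-custom.php loads. The bpcustom_* function names are invented for this example. Instead of forcing session.cookie_secure on unconditionally, it sets the Secure flag only when the current request is already HTTPS, and it skips session_start() when headers are already sent or another plugin has started a session, the two situations in which session_start() would emit a warning.

```php
<?php
/**
 * Added example (not from the original post): wp-content/plugins/bp-custom.php
 * that hardens the PHP session cookie before anything else starts a session.
 * Assumes PHP >= 7.3 and WordPress's is_ssl() (falls back to $_SERVER['HTTPS']).
 */

// Build the cookie parameters separately so the policy is easy to read and test.
function bpcustom_session_cookie_params( bool $is_ssl ): array {
    return array(
        'lifetime' => 0,        // session cookie: discarded when the browser closes
        'path'     => '/',
        'domain'   => '',       // current host only, no subdomain sharing
        'secure'   => $is_ssl,  // Secure flag only when this request is itself HTTPS
        'httponly' => true,     // not readable via document.cookie, limits cookie theft by XSS
        'samesite' => 'Lax',    // session cookie is not sent on cross-site POSTs
    );
}

// Returns true if a session is active after the call, false if one could not be started.
function bpcustom_start_hardened_session(): bool {
    if ( headers_sent() ) {
        return false; // Set-Cookie can no longer be sent, session_start() would only warn
    }
    if ( session_status() !== PHP_SESSION_NONE ) {
        // Another plugin already started (or disabled) sessions; do not start a second one.
        return session_status() === PHP_SESSION_ACTIVE;
    }

    $is_ssl = function_exists( 'is_ssl' )
        ? is_ssl()
        : ( ! empty( $_SERVER['HTTPS'] ) && 'off' !== strtolower( $_SERVER['HTTPS'] ) );

    // These must run before session_start(); afterwards they have no effect on the cookie.
    ini_set( 'session.use_only_cookies', '1' ); // never accept a session id from the URL
    ini_set( 'session.use_strict_mode', '1' );  // reject ids the server did not issue (session fixation)
    session_cache_limiter( 'private, must-revalidate' );
    session_set_cookie_params( bpcustom_session_cookie_params( $is_ssl ) );

    return session_start();
}

bpcustom_start_hardened_session();
```

To confirm the setting took effect, request a page that starts a session and inspect the response headers (for example, `curl -sI` against the site, or the browser's network panel): the PHPSESSID Set-Cookie header should carry HttpOnly, SameSite=Lax, and Secure only on HTTPS responses. If a plugin shows a "session already started" or "headers already sent" warning, it is starting its own session before bp-custom.php runs and will not pick up these parameters.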
