Controlling cookie settings for persisted user states

We have a requirement to set our cookies against a specific domain, and with the httpOnly flag set to true.

It would be great to have the facility in CWebUser to configure the settings on the cookie it uses to store state.

As a workaround I have overriden CWebUser->saveToCookie and copied the parent implementation, adding a few extra lines to set the properties of the CHttpCookie object before it is saved.

Does anyone know a cleaner way?  Tnx

I just added CWebUser::identityCookie property which you can specify an array of initial property values for the identity cookie.

Great, thanks Qiang –  I love being able to remove code!