diff options
author | Christian Schneider | 2020-01-13 14:53:19 +0100 |
---|---|---|
committer | Christian Schneider | 2020-01-13 14:53:19 +0100 |
commit | 418787ca78f49be053c35fb6486ec55c4c7e94b2 (patch) | |
tree | 309418f8a1e4c7d9196406a14c10e76566a9c59b | |
parent | 2a342bf5f40475ab92bcfa0de5551b16097a9e4e (diff) | |
download | itools-418787ca78f49be053c35fb6486ec55c4c7e94b2.tar.gz itools-418787ca78f49be053c35fb6486ec55c4c7e94b2.tar.bz2 itools-418787ca78f49be053c35fb6486ec55c4c7e94b2.zip |
Use SameSite policy Lax for uid cookie
-rw-r--r-- | it_user.class | 5 |
1 files changed, 2 insertions, 3 deletions
diff --git a/it_user.class b/it_user.class index 26046cf..18c4bbd 100644 --- a/it_user.class +++ b/it_user.class @@ -30,6 +30,7 @@ define('IT_USER_STATUS_SESSION', 5); /* Has a valid session */ define('_IT_USER_UID_COOKIE', 'UID'); define('_IT_USER_UID_COOKIE_LIFETIME', 0x7FFFFFFF); /* Forever :-) */ define('_IT_USER_STATUS_INVALID', 0); /* INTERNAL: Not yet evaluated */ +define('_IT_USER_COOKIE_SAMESITE', 'Lax'); class it_user extends it_dbi { @@ -205,7 +206,7 @@ function _set_uid($uid) if (!isset($_COOKIE[$this->p['uidcookiename']]) || ($_COOKIE[$this->p['uidcookiename']] != $uid)) { - @setcookie($this->p['uidcookiename'], $uid, _IT_USER_UID_COOKIE_LIFETIME, "/", $this->domain, false, true); + it::setcookie($this->p['uidcookiename'], $uid, [ 'expires' => _IT_USER_UID_COOKIE_LIFETIME, 'path' => "/", 'domain' => $this->domain, 'secure' => false, 'httponly' => true, 'samesite' => _IT_USER_COOKIE_SAMESITE ]); $_COOKIE[$this->p['uidcookiename']] = $uid; } } @@ -499,5 +500,3 @@ function check_url($withsession = false) } } /* End class it_user */ - -?> |