authorChristian Schneider2020-01-13 14:53:19 +0100
committerChristian Schneider2020-01-13 14:53:19 +0100
commit418787ca78f49be053c35fb6486ec55c4c7e94b2 (patch)
tree309418f8a1e4c7d9196406a14c10e76566a9c59b
parent2a342bf5f40475ab92bcfa0de5551b16097a9e4e (diff)
Use SameSite policy Lax for uid cookie
-rw-r--r--it_user.class5
1 files changed, 2 insertions, 3 deletions
diff --git a/it_user.class b/it_user.class
index 26046cf..18c4bbd 100644
--- a/it_user.class
+++ b/it_user.class
@@ -30,6 +30,7 @@ define('IT_USER_STATUS_SESSION', 5); /* Has a valid session */
define('_IT_USER_UID_COOKIE', 'UID');
define('_IT_USER_UID_COOKIE_LIFETIME', 0x7FFFFFFF); /* Forever :-) */
define('_IT_USER_STATUS_INVALID', 0); /* INTERNAL: Not yet evaluated */
+define('_IT_USER_COOKIE_SAMESITE', 'Lax');
class it_user extends it_dbi
{
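Review bot: The added `+define('_IT_USER_COOKIE_SAMESITE', 'Lax');` is the only constant in this group without a trailing comment, while the neighbouring defines each document their meaning in a `/* ... */` comment. Suggest `define('_IT_USER_COOKIE_SAMESITE', 'Lax'); /* SameSite attribute of the uid cookie; Lax still sends it on top-level cross-site GET navigations */` so that a reader does not mistake Lax for full cross-site isolation of the identity cookie. The hunk header counts one more line than is shown, so a blank context line was probably dropped in rendering.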
@@ -205,7 +206,7 @@ function _set_uid($uid)
if (!isset($_COOKIE[$this->p['uidcookiename']]) || ($_COOKIE[$this->p['uidcookiename']] != $uid))
{
- @setcookie($this->p['uidcookiename'], $uid, _IT_USER_UID_COOKIE_LIFETIME, "/", $this->domain, false, true);
+ it::setcookie($this->p['uidcookiename'], $uid, [ 'expires' => _IT_USER_UID_COOKIE_LIFETIME, 'path' => "/", 'domain' => $this->domain, 'secure' => false, 'httponly' => true, 'samesite' => _IT_USER_COOKIE_SAMESITE ]);
$_COOKIE[$this->p['uidcookiename']] = $uid;
}
}
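Review bot: The new it::setcookie call still passes `'secure' => false`, so the long-lived uid cookie continues to be sent over cleartext HTTP, and SameSite=Lax does not compensate for that: a Lax cookie is still attached to top-level cross-site GET navigations, so any plain http:// request to the site exposes the identifier to an on-path observer. If the option array mirrors PHP's setcookie() options (it::setcookie looks like a project wrapper around it; confirm), a minimal change is `'secure' => !empty($_SERVER['HTTPS']) && $_SERVER['HTTPS'] !== 'off',` or a new `$this->p['uidcookiesecure']` parameter defaulting to that expression, so deployments served over TLS get the Secure flag without a code change. Dropping the `@` suppression is an improvement, since a "headers already sent" warning now surfaces instead of silently leaving the cookie unset. The `_set_uid` signature and the rest of its body lie outside this hunk.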
@@ -499,5 +500,3 @@ function check_url($withsession = false)
}
} /* End class it_user */
-
-?>