authorChristian Schneider2020-01-13 14:55:42 +0100
committerChristian Schneider2020-01-13 14:55:42 +0100
commit4e96426bdb7a46e2d65077461495af034ae65e4d (patch)
tree2431cd7b4c515aef06c40e8d263592bea0769a99
parent418787ca78f49be053c35fb6486ec55c4c7e94b2 (diff)
Use SameSite policy Lax for session cookie
-rw-r--r--it_session.class8
1 files changed, 3 insertions, 5 deletions
diff --git a/it_session.class b/it_session.class
index f1dc541..af26082 100644
--- a/it_session.class
+++ b/it_session.class
@@ -165,7 +165,7 @@ function set_valid($valid = true, $login_identifier_required = false, $login_ide
$result = !$valid; /* Setting to invalid succeeded or setting to valid failed */
}
- @setcookie($this->cookiename, $this->cookie, _IT_SESSION_COOKIE_EXPIRY, "/", $this->domain, $this->ssl, true);
+ it::setcookie($this->cookiename, $this->cookie, [ 'expires' => _IT_SESSION_COOKIE_EXPIRY, 'path' => "/", 'domain' => $this->domain, 'secure' => $this->ssl, 'httponly' => true, 'samesite' => _IT_USER_COOKIE_SAMESITE ]);
$_COOKIE[$this->cookiename] = $this->cookie;
return $result;
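Review bot: The SameSite value passed to the new `it::setcookie()` call comes from `_IT_USER_COOKIE_SAMESITE`, whose definition is not in this diff, so the Lax policy named in the commit title cannot be confirmed from these lines; the call in create_login_identifier() has the same dependency. The constant's name suggests it is shared with the user cookie, so a later change made for that cookie would also change the session cookie's policy without touching this file. I would add a comment at the call such as `/* SameSite from _IT_USER_COOKIE_SAMESITE (shared with user cookie), expected "Lax" */`, or introduce a dedicated session constant. Separately, the `@` suppression is gone and the return value is ignored, so `$_COOKIE[$this->cookiename]` is updated even if the header could not be sent; whether `it::setcookie()` reports that failure is not visible here. set_valid's body begins outside the hunk.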
@@ -190,7 +190,7 @@ function create_login_identifier()
if (!$this->cookie)
{
$this->cookie = md5(uniqid(rand())); /* random garbage */
- @setcookie($this->cookiename, $this->cookie, _IT_SESSION_COOKIE_EXPIRY, "/", $this->domain, $this->ssl, true);
+ it::setcookie($this->cookiename, $this->cookie, [ 'expires' => _IT_SESSION_COOKIE_EXPIRY, 'path' => "/", 'domain' => $this->domain, 'secure' => $this->ssl, 'httponly' => true, 'samesite' => _IT_USER_COOKIE_SAMESITE ]);
}
$login_identifier = $this->_mkcookie("", $this->cookie);
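Review bot: The cookie value sent by the changed call is still produced by `md5(uniqid(rand()))` on the line above it, which derives what appears to be the session token from the clock and a non-cryptographic PRNG; hashing does not add entropy, and SameSite does nothing about a guessable token. Where `random_bytes()` is available (PHP 7+), `$this->cookie = bin2hex(random_bytes(16));` keeps the 32-hex-character format while drawing from the CSPRNG. create_login_identifier's body continues outside the hunk.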
@@ -240,6 +240,4 @@ function check_signature($text, $signature)
($this->_sign($text, $this->prev) == $signature));
}
-} /* End class it_user */
-
-?>
+} /* End class it_session */