diff options
author | Christian Schneider | 2020-01-13 14:55:42 +0100 |
---|---|---|
committer | Christian Schneider | 2020-01-13 14:55:42 +0100 |
commit | 4e96426bdb7a46e2d65077461495af034ae65e4d (patch) | |
tree | 2431cd7b4c515aef06c40e8d263592bea0769a99 | |
parent | 418787ca78f49be053c35fb6486ec55c4c7e94b2 (diff) | |
download | itools-4e96426bdb7a46e2d65077461495af034ae65e4d.tar.gz itools-4e96426bdb7a46e2d65077461495af034ae65e4d.tar.bz2 itools-4e96426bdb7a46e2d65077461495af034ae65e4d.zip |
Use SameSite policy Lax for session cookie
-rw-r--r-- | it_session.class | 8 |
1 files changed, 3 insertions, 5 deletions
diff --git a/it_session.class b/it_session.class index f1dc541..af26082 100644 --- a/it_session.class +++ b/it_session.class @@ -165,7 +165,7 @@ function set_valid($valid = true, $login_identifier_required = false, $login_ide $result = !$valid; /* Setting to invalid succeeded or setting to valid failed */ } - @setcookie($this->cookiename, $this->cookie, _IT_SESSION_COOKIE_EXPIRY, "/", $this->domain, $this->ssl, true); + it::setcookie($this->cookiename, $this->cookie, [ 'expires' => _IT_SESSION_COOKIE_EXPIRY, 'path' => "/", 'domain' => $this->domain, 'secure' => $this->ssl, 'httponly' => true, 'samesite' => _IT_USER_COOKIE_SAMESITE ]); $_COOKIE[$this->cookiename] = $this->cookie; return $result; @@ -190,7 +190,7 @@ function create_login_identifier() if (!$this->cookie) { $this->cookie = md5(uniqid(rand())); /* random garbage */ - @setcookie($this->cookiename, $this->cookie, _IT_SESSION_COOKIE_EXPIRY, "/", $this->domain, $this->ssl, true); + it::setcookie($this->cookiename, $this->cookie, [ 'expires' => _IT_SESSION_COOKIE_EXPIRY, 'path' => "/", 'domain' => $this->domain, 'secure' => $this->ssl, 'httponly' => true, 'samesite' => _IT_USER_COOKIE_SAMESITE ]); } $login_identifier = $this->_mkcookie("", $this->cookie); @@ -240,6 +240,4 @@ function check_signature($text, $signature) ($this->_sign($text, $this->prev) == $signature)); } -} /* End class it_user */ - -?> +} /* End class it_session */ |