summaryrefslogtreecommitdiff
path: root/it_session.class
diff options
context:
space:
mode:
Diffstat (limited to 'it_session.class')
-rw-r--r--it_session.class16
1 files changed, 14 insertions, 2 deletions
diff --git a/it_session.class b/it_session.class
index f1dc541..866e197 100644
--- a/it_session.class
+++ b/it_session.class
@@ -165,7 +165,7 @@ function set_valid($valid = true, $login_identifier_required = false, $login_ide
$result = !$valid; /* Setting to invalid succeeded or setting to valid failed */
}
- @setcookie($this->cookiename, $this->cookie, _IT_SESSION_COOKIE_EXPIRY, "/", $this->domain, $this->ssl, true);
+ self::setcookie([ 'name' => $this->cookiename, 'value' => $this->cookie, 'expires' => _IT_SESSION_COOKIE_EXPIRY, 'domain' => $this->domain, 'secure' => $this->ssl ]);
$_COOKIE[$this->cookiename] = $this->cookie;
return $result;
@@ -190,7 +190,7 @@ function create_login_identifier()
if (!$this->cookie)
{
$this->cookie = md5(uniqid(rand())); /* random garbage */
- @setcookie($this->cookiename, $this->cookie, _IT_SESSION_COOKIE_EXPIRY, "/", $this->domain, $this->ssl, true);
+ self::setcookie([ 'name' => $this->cookiename, 'value' => $this->cookie, 'expires' => _IT_SESSION_COOKIE_EXPIRY, 'domain' => $this->domain, 'secure' => $this->ssl ]);
}
$login_identifier = $this->_mkcookie("", $this->cookie);
@@ -240,6 +240,18 @@ function check_signature($text, $signature)
($this->_sign($text, $this->prev) == $signature));
}
+/*
+ * Set cookie with options as safe as possible for session
+ * @param $p['name'] Name of cookie
+ * @param $p['value'] Value of cookie
+ * @param $p Other options: expires, path, domain, secure, httponly and samesite
+ */
+static function setcookie($p)
+{
+ $p += [ 'path' => '/', 'httponly' => true, 'samesite' => 'Lax' ];
+ return version_compare(PHP_VERSION, '7.3.0') >= 0 ? @setcookie($p['name'], $p['value'], $p) : @setcookie($p['name'], $p['value'], $p['expires'], $p['path'], $p['domain'], $p['secure'], $p['httponly']);
+}
+
} /* End class it_user */
?>