From 4e96426bdb7a46e2d65077461495af034ae65e4d Mon Sep 17 00:00:00 2001
From: Christian Schneider
Date: Mon, 13 Jan 2020 14:55:42 +0100
Subject: Use SameSite policy Lax for session cookie

---
 it_session.class | 8 +++-----
 1 file changed, 3 insertions(+), 5 deletions(-)

diff --git a/it_session.class b/it_session.class
index f1dc541..af26082 100644
--- a/it_session.class
+++ b/it_session.class
@@ -165,7 +165,7 @@ function set_valid($valid = true, $login_identifier_required = false, $login_ide
 $result = !$valid; /* Setting to invalid succeeded or setting to valid failed */
 }
- @setcookie($this->cookiename, $this->cookie, _IT_SESSION_COOKIE_EXPIRY, "/", $this->domain, $this->ssl, true);
+ it::setcookie($this->cookiename, $this->cookie, [ 'expires' => _IT_SESSION_COOKIE_EXPIRY, 'path' => "/", 'domain' => $this->domain, 'secure' => $this->ssl, 'httponly' => true, 'samesite' => _IT_USER_COOKIE_SAMESITE ]);
 $_COOKIE[$this->cookiename] = $this->cookie;
 return $result;
@@ -190,7 +190,7 @@ function create_login_identifier()
 if (!$this->cookie)
 {
 $this->cookie = md5(uniqid(rand())); /* random garbage */
- @setcookie($this->cookiename, $this->cookie, _IT_SESSION_COOKIE_EXPIRY, "/", $this->domain, $this->ssl, true);
+ it::setcookie($this->cookiename, $this->cookie, [ 'expires' => _IT_SESSION_COOKIE_EXPIRY, 'path' => "/", 'domain' => $this->domain, 'secure' => $this->ssl, 'httponly' => true, 'samesite' => _IT_USER_COOKIE_SAMESITE ]);
 }
 $login_identifier = $this->_mkcookie("", $this->cookie);
@@ -240,6 +240,4 @@ function check_signature($text, $signature)
 ($this->_sign($text, $this->prev) == $signature));
 }
-} /* End class it_user */
-
-?>
+} /* End class it_session */
--
cgit v1.2.3
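Review bot: The `'samesite' => _IT_USER_COOKIE_SAMESITE` entry on the added line in set_valid takes its value from a constant that is not defined anywhere in this diff, so nothing visible here guarantees the Lax policy the subject line announces; if the constant is not declared before this class runs, PHP 7 treats the bare name as the string `"_IT_USER_COOKIE_SAMESITE"` with a warning and PHP 8 throws an Error, and in the former case the cookie is sent with an invalid SameSite attribute. Worth confirming where the constant is declared and adding a comment at the definition such as `/* SameSite attribute for the session cookie; must be "Lax" or "Strict" unless 'secure' is forced true, because modern browsers drop SameSite=None cookies that lack Secure */`, since `'secure' => $this->ssl` is not unconditionally true here. The identical options array is repeated verbatim on the added line in the create_login_identifier hunk; a private helper such as `function _setcookie() { it::setcookie($this->cookiename, $this->cookie, [ 'expires' => _IT_SESSION_COOKIE_EXPIRY, 'path' => "/", 'domain' => $this->domain, 'secure' => $this->ssl, 'httponly' => true, 'samesite' => _IT_USER_COOKIE_SAMESITE ]); }` called from both places would keep the two call sites from drifting apart. set_valid's body begins outside this hunk.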
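Review bot: The added it::setcookie call in create_login_identifier now sends a session cookie with Lax/HttpOnly attributes, but the value it sends is still produced by `md5(uniqid(rand()))` on the context line directly above, which is time- and rand()-seeded rather than cryptographically random, so the stronger attributes protect a token that is weaker than it needs to be; `$this->cookie = bin2hex(random_bytes(16));	/* 128-bit CSPRNG token, same 32-hex-char length as before */` would keep the format while fixing the source of entropy. The `it::setcookie` wrapper itself is outside this diff, so whether it validates the samesite value or has a fallback for PHP versions before 7.3 (where setcookie has no options-array form) cannot be judged here and is worth a sentence in the wrapper's docblock. create_login_identifier's body continues past the end of the hunk.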