From e91007ce1623a25818fc6545662caad683bf696b Mon Sep 17 00:00:00 2001
From: Christian Schneider
Date: Tue, 10 Sep 2019 16:12:10 +0200
Subject: Revert "New it_session::setcookie() which uses SameSite=Lax"

This reverts commit 7cacb3fbd49cdd5b960242e5c988e94d823eae67.
---
 it_session.class | 16 ++--------------
 it_user.class | 2 +-
 2 files changed, 3 insertions(+), 15 deletions(-)

diff --git a/it_session.class b/it_session.class
index 866e197..f1dc541 100644
--- a/it_session.class
+++ b/it_session.class
@@ -165,7 +165,7 @@ function set_valid($valid = true, $login_identifier_required = false, $login_ide
 $result = !$valid; /* Setting to invalid succeeded or setting to valid failed */
 }
- self::setcookie([ 'name' => $this->cookiename, 'value' => $this->cookie, 'expires' => _IT_SESSION_COOKIE_EXPIRY, 'domain' => $this->domain, 'secure' => $this->ssl ]);
+ @setcookie($this->cookiename, $this->cookie, _IT_SESSION_COOKIE_EXPIRY, "/", $this->domain, $this->ssl, true);
 $_COOKIE[$this->cookiename] = $this->cookie;
 return $result;
@@ -190,7 +190,7 @@ function create_login_identifier()
 if (!$this->cookie) {
 $this->cookie = md5(uniqid(rand())); /* random garbage */
- self::setcookie([ 'name' => $this->cookiename, 'value' => $this->cookie, 'expires' => _IT_SESSION_COOKIE_EXPIRY, 'domain' => $this->domain, 'secure' => $this->ssl ]);
+ @setcookie($this->cookiename, $this->cookie, _IT_SESSION_COOKIE_EXPIRY, "/", $this->domain, $this->ssl, true);
 }
 $login_identifier = $this->_mkcookie("", $this->cookie);
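Review bot: The new `@setcookie($this->cookiename, $this->cookie, _IT_SESSION_COOKIE_EXPIRY, "/", $this->domain, $this->ssl, true);` line re-emits the session cookie with no SameSite attribute at all, and the `@` hides a false return, so when headers are already sent the cookie never reaches the browser while the next line still records it in `$_COOKIE` as if it had. Nothing in the commit message says why the SameSite=Lax helper is being backed out, so a comment on this line naming the reason, e.g. `/* SameSite intentionally unset: REASON-TBD */`, would stop the next reader from re-adding it blindly, and `$sent = setcookie(...)` followed by a log on `!$sent` would make the silent failure visible. The same reverted pattern appears in the @@ -190 hunk below and in the it_user.class hunk at @@ -205, so one decision should cover all three call sites. set_valid's body begins before this hunk.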
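Review bot: The session token that this hunk's new `@setcookie(...)` line sends to the browser is built on the context line just above from `md5(uniqid(rand()))`, and neither `uniqid()` (microtime-based) nor `rand()` is a cryptographic source, so the cookie value is far more predictable than the "random garbage" comment suggests. If the supported PHP floor is 7.0 or later, `$this->cookie = bin2hex(random_bytes(16));` is a drop-in replacement that keeps the same 32-character hex shape; the removed helper's `version_compare(PHP_VERSION, '7.3.0')` check suggests older PHP is still in scope, so the floor should be confirmed before changing it. create_login_identifier continues past the end of the hunk.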
@@ -240,18 +240,6 @@ function check_signature($text, $signature)
 ($this->_sign($text, $this->prev) == $signature));
 }
-/*
- * Set cookie with options as safe as possible for session
- * @param $p['name'] Name of cookie
- * @param $p['value'] Value of cookie
- * @param $p Other options: expires, path, domain, secure, httponly and samesite
- */
-static function setcookie($p)
-{
- $p += [ 'path' => '/', 'httponly' => true, 'samesite' => 'Lax' ];
- return version_compare(PHP_VERSION, '7.3.0') >= 0 ? @setcookie($p['name'], $p['value'], $p) : @setcookie($p['name'], $p['value'], $p['expires'], $p['path'], $p['domain'], $p['secure'], $p['httponly']);
-}
-
 } /* End class it_user */
 ?>
diff --git a/it_user.class b/it_user.class
index a972130..26046cf 100644
--- a/it_user.class
+++ b/it_user.class
@@ -205,7 +205,7 @@ function _set_uid($uid)
 if (!isset($_COOKIE[$this->p['uidcookiename']]) || ($_COOKIE[$this->p['uidcookiename']] != $uid))
 {
- it_session::setcookie([ 'name' => $this->p['uidcookiename'], 'value' => $uid, 'expires' => _IT_USER_UID_COOKIE_LIFETIME, 'domain' => $this->domain, 'secure' => false ]);
+ @setcookie($this->p['uidcookiename'], $uid, _IT_USER_UID_COOKIE_LIFETIME, "/", $this->domain, false, true);
 $_COOKIE[$this->p['uidcookiename']] = $uid;
 }
 }
-- cgit v1.2.3