From 37c0701700bb4d5bae025a3e56233fdbbe07b53c Mon Sep 17 00:00:00 2001
From: SergiX44
Date: Sun, 1 Aug 2021 12:52:32 +0200
Subject: [PATCH] improve remember cookie security
---
 app/Controllers/Controller.php | 5 +++--
 1 file changed, 3 insertions(+), 2 deletions(-)
diff --git a/app/Controllers/Controller.php b/app/Controllers/Controller.php
index 8de087c..cd2e939 100644
--- a/app/Controllers/Controller.php
+++ b/app/Controllers/Controller.php
@@ -128,12 +128,13 @@ abstract class Controller
 // Workaround for php <= 7.3
 if (PHP_VERSION_ID < 70300) {
- setcookie('remember', "{$selector}:{$token}", $expire, '; SameSite=Lax', '', false, true);
+ setcookie('remember', "{$selector}:{$token}", $expire, '; SameSite=Strict', '', isSecure(), true);
 } else {
 setcookie('remember', "{$selector}:{$token}", [
 'expires' => $expire,
 'httponly' => true,
- 'samesite' => 'Lax',
+ 'samesite' => 'Strict',
+ 'secure' => isSecure(),
 ]);
 }
 }
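Review bot: The `secure` attribute on the `remember` cookie is only as reliable as `isSecure()`, which is defined outside this hunk. In both branches, a login the application sees as plain HTTP (a direct http:// visit, or presumably TLS terminated at a proxy if the helper checks only the local scheme) still issues the long-lived `selector:token` pair without Secure, so it can later travel in cleartext. Consider a comment above the calls such as `// Secure mirrors the detected request scheme; over plain HTTP the remember token is not transport-protected`, and confirm how `isSecure()` treats forwarded-scheme headers. Separately, `SameSite=Strict` keeps the cookie off navigations arriving from other sites, so a user following an external link looks logged out on that first request; a one-line comment saying this is intended would prevent a later revert to `Lax`. The enclosing method begins above the hunk.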