improve remember cookie security
This commit is contained in:
parent
0ef9f0e0a7
commit
37c0701700
|
@ -128,12 +128,13 @@ abstract class Controller
|
||||||
|
|
||||||
// Workaround for php <= 7.3
|
// Workaround for php <= 7.3
|
||||||
if (PHP_VERSION_ID < 70300) {
|
if (PHP_VERSION_ID < 70300) {
|
||||||
setcookie('remember', "{$selector}:{$token}", $expire, '; SameSite=Lax', '', false, true);
|
setcookie('remember', "{$selector}:{$token}", $expire, '; SameSite=Strict', '', isSecure(), true);
|
||||||
} else {
|
} else {
|
||||||
setcookie('remember', "{$selector}:{$token}", [
|
setcookie('remember', "{$selector}:{$token}", [
|
||||||
'expires' => $expire,
|
'expires' => $expire,
|
||||||
'httponly' => true,
|
'httponly' => true,
|
||||||
'samesite' => 'Lax',
|
'samesite' => 'Strict',
|
||||||
|
'secure' => isSecure(),
|
||||||
]);
|
]);
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
Loading…
Reference in a new issue