improve remember cookie security

SergiX44 2021-08-01 12:52:32 +02:00
parent 0ef9f0e0a7
commit 37c0701700


@ -128,12 +128,13 @@ abstract class Controller
// Workaround for php <= 7.3 // Workaround for php <= 7.3
if (PHP_VERSION_ID < 70300) { if (PHP_VERSION_ID < 70300) {
setcookie('remember', "{$selector}:{$token}", $expire, '; SameSite=Lax', '', false, true); setcookie('remember', "{$selector}:{$token}", $expire, '; SameSite=Strict', '', isSecure(), true);
} else { } else {
setcookie('remember', "{$selector}:{$token}", [ setcookie('remember', "{$selector}:{$token}", [
'expires' => $expire, 'expires' => $expire,
'httponly' => true, 'httponly' => true,
'samesite' => 'Lax', 'samesite' => 'Strict',
'secure' => isSecure(),
]); ]);
} }
} }
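Review bot: Both `setcookie` calls now take the Secure flag from `isSecure()`, whose definition is outside this hunk, so whether the remember token can still be issued without Secure depends on how that helper detects HTTPS. If it only reflects the scheme PHP sees, a deployment behind a TLS-terminating proxy would presumably keep sending the cookie without Secure, and a login over plain HTTP still hands out a long-lived token in clear text. I would document this at the call site, e.g. `// Secure mirrors isSecure(); behind a TLS-terminating proxy it must honour the forwarded scheme`, and consider skipping the remember cookie entirely when `isSecure()` is false. `SameSite=Strict` also means the cookie is withheld when the user arrives from an external link, so remember-me will not apply on that first request. The enclosing method starts above the hunk.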