use samesite flag for clientcert cookie (ace0749) - webinterface.git

certlogin/index.php

@@ -103,7 +103,7 @@ if ($_SESSION['role'] != ROLE_ANONYMOUS && isset($_REQUEST['record']) && isset($
             $role = find_role($uid, '', true);
             setup_session($role, $uid);
             DEBUG("Set Cookie!");
-            setcookie('CLIENTCERT_AUTOLOGIN', '1', strtotime("+ 1 year"), '/', '', true, true);
+            setcookie('CLIENTCERT_AUTOLOGIN', '1', array('expires'=>strtotime("+ 1 year"), 'path'=>'/', 'secure'=>true, 'httponly'=>true, 'samesite'=>'Lax'));
             $destination = 'go/index/index';
             if (check_path($ret[0]['startpage'])) {
                 $destination = $ret[0]['startpage'];


...	...	@@ -103,7 +103,7 @@ if ($_SESSION['role'] != ROLE_ANONYMOUS && isset($_REQUEST['record']) && isset($
103	103	$role = find_role($uid, '', true);
104	104	setup_session($role, $uid);
105	105	DEBUG("Set Cookie!");
106		- setcookie('CLIENTCERT_AUTOLOGIN', '1', strtotime("+ 1 year"), '/', '', true, true);
	106	+ setcookie('CLIENTCERT_AUTOLOGIN', '1', array('expires'=>strtotime("+ 1 year"), 'path'=>'/', 'secure'=>true, 'httponly'=>true, 'samesite'=>'Lax'));
107	107	$destination = 'go/index/index';
108	108	if (check_path($ret[0]['startpage'])) {
109	109	$destination = $ret[0]['startpage'];
110	110