Browse code
use samesite flag for clientcert cookie
Hanno Böck authored on22/04/2020 07:44:27 Showing1 changed files
| ... | ... |
@@ -103,7 +103,7 @@ if ($_SESSION['role'] != ROLE_ANONYMOUS && isset($_REQUEST['record']) && isset($ |
| 103 | 103 |
$role = find_role($uid, '', true); |
| 104 | 104 |
setup_session($role, $uid); |
| 105 | 105 |
DEBUG("Set Cookie!");
|
| 106 |
- setcookie('CLIENTCERT_AUTOLOGIN', '1', strtotime("+ 1 year"), '/', '', true, true);
|
|
| 106 |
+ setcookie('CLIENTCERT_AUTOLOGIN', '1', array('expires'=>strtotime("+ 1 year"), 'path'=>'/', 'secure'=>true, 'httponly'=>true, 'samesite'=>'Lax'));
|
|
| 107 | 107 |
$destination = 'go/index/index'; |
| 108 | 108 |
if (check_path($ret[0]['startpage'])) {
|
| 109 | 109 |
$destination = $ret[0]['startpage']; |