Skip to content

Commit

Permalink
Merge pull request MythTV#73 from mkbloke/session
Browse files Browse the repository at this point in the history 
Update mythweb_id cookie to enable SameSite=Strict
  • Loading branch information
@stuarta
stuarta authored Mar 9, 2022
2 parents 0c176f0 + 261c602 commit de8d4e9
Showing 1 changed file with 9 additions and 1 deletion.
10 changes: 9 additions & 1 deletion includes/session.php
View file
Original file line number Diff line number Diff line change
Expand Up @@ -19,7 +19,15 @@
ini_set('session.gc_maxlifetime', 60 * 60 * 24 * 30); // 30 day timeout on sessions
session_set_save_handler('sess_do_nothing', 'sess_do_nothing', 'sess_read', 'sess_write', 'sess_destroy', 'sess_gc');
session_start();
setcookie(session_name(), session_id(), time() + 60*60*24*30, '/'); // Update 30 day timeout
if (PHP_VERSION_ID < 70300) {
setcookie(session_name(), session_id(), time() + 60*60*24*30, '/; SameSite=Strict'); // Update 30 day timeout
} else {
setcookie(session_name(), session_id(), [
'expires' => time() + 60*60*24*30,
'path' => '/',
'samesite' => 'Strict'
]);
}

// Register a destruction handler for the db object, since the guys who write
// PHP are smoking something and think objects should be destroyed before the
Expand Down

0 comments on commit de8d4e9

Please sign in to comment.