From f1bbb2abe3904f2411e406d8075ecb250b8a3bc1 Mon Sep 17 00:00:00 2001
From: Dennis Eichhorn
Date: Sat, 1 Feb 2020 15:16:17 +0100
Subject: [PATCH] make cookies strict
---
 DataStorage/Cookie/CookieJar.php | 2 +-
 DataStorage/Session/HttpSession.php | 2 +-
 2 files changed, 2 insertions(+), 2 deletions(-)
diff --git a/DataStorage/Cookie/CookieJar.php b/DataStorage/Cookie/CookieJar.php
index e3c4822d3..9dfe77250 100644
--- a/DataStorage/Cookie/CookieJar.php
+++ b/DataStorage/Cookie/CookieJar.php
@@ -194,7 +194,7 @@ final class CookieJar
 // @codeCoverageIgnoreStart
 foreach ($this->cookies as $key => $cookie) {
- \setcookie($key, $cookie['value'], $cookie['expiry'], $cookie['path'], $cookie['domain'], $cookie['secure'], $cookie['httponly']);
+ \setcookie($key, $cookie['value'], $cookie['expiry'], $cookie['path'], $cookie['domain'], $cookie['secure'], $cookie['httponly'], ['samesite'=>'Strict']);
 }
 // @codeCoverageIgnoreEnd
 }
diff --git a/DataStorage/Session/HttpSession.php b/DataStorage/Session/HttpSession.php
index f8b9d286b..fad93b373 100644
--- a/DataStorage/Session/HttpSession.php
+++ b/DataStorage/Session/HttpSession.php
@@ -85,7 +85,7 @@ final class HttpSession implements SessionInterface
 $this->inactivityInterval = $inactivityInterval;
 if (\session_status() !== \PHP_SESSION_ACTIVE && !\headers_sent()) {
- \session_set_cookie_params($liftetime, '/', '', false, true); // @codeCoverageIgnore
+ \session_set_cookie_params($liftetime, '/', '', false, true, ['samesite'=>'Strict']); // @codeCoverageIgnore
 \session_start(); // @codeCoverageIgnore
 }
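Review bot: The added `['samesite'=>'Strict']` is passed as an eighth positional argument, which `setcookie()` does not accept: it takes either the seven legacy positional parameters or, from PHP 7.3, an options array as its third argument, and the extra argument makes the call fail (a warning and no cookie on PHP 7, an `ArgumentCountError` on PHP 8), so the attribute is never sent. Use the options-array form instead, `\setcookie($key, $cookie['value'], ['expires' => $cookie['expiry'], 'path' => $cookie['path'], 'domain' => $cookie['domain'], 'secure' => $cookie['secure'], 'httponly' => $cookie['httponly'], 'samesite' => 'Strict']);`. The `session_set_cookie_params()` call in HttpSession.php has the same problem with a sixth argument and should become `\session_set_cookie_params(['lifetime' => $liftetime, 'path' => '/', 'domain' => '', 'secure' => false, 'httponly' => true, 'samesite' => 'Strict']);`. Both lines are marked `@codeCoverageIgnore`, so the test suite is unlikely to catch this; the enclosing methods start and end outside the hunks.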
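Review bot: The fourth argument of `session_set_cookie_params` stays `false`, so the session cookie is still issued without the Secure attribute and a browser will send the session identifier over plain HTTP; SameSite does not cover that. If the application is expected to be served over TLS, pass `true` there, or take the value from configuration so that plain-HTTP development setups keep working. It would also help to add a short comment on why `Strict` rather than `Lax` was chosen, e.g. `// Strict: session cookie is not sent on cross-site navigations, so users following external links arrive logged out`. The enclosing method starts and ends outside the hunk.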