make cookies strict

2026-02-08 05:18:40 +00:00 · 2020-02-01 15:16:17 +01:00 · 2020-02-01 15:16:17 +01:00 · f1bbb2abe3
commit f1bbb2abe3
parent 30a8fe202e
2 changed files with 2 additions and 2 deletions
--- a/DataStorage/Cookie/CookieJar.php
+++ b/DataStorage/Cookie/CookieJar.php
@ -194,7 +194,7 @@ final class CookieJar
        // @codeCoverageIgnoreStart
        foreach ($this->cookies as $key => $cookie) {
-            \setcookie($key, $cookie['value'], $cookie['expiry'], $cookie['path'], $cookie['domain'], $cookie['secure'], $cookie['httponly']);
+            \setcookie($key, $cookie['value'], $cookie['expiry'], $cookie['path'], $cookie['domain'], $cookie['secure'], $cookie['httponly'], ['samesite'=>'Strict']);
        }
        // @codeCoverageIgnoreEnd
    }
--- a/DataStorage/Session/HttpSession.php
+++ b/DataStorage/Session/HttpSession.php
@ -85,7 +85,7 @@ final class HttpSession implements SessionInterface
        $this->inactivityInterval = $inactivityInterval;
        if (\session_status() !== \PHP_SESSION_ACTIVE && !\headers_sent()) {
-            \session_set_cookie_params($liftetime, '/', '', false, true); // @codeCoverageIgnore
+            \session_set_cookie_params($liftetime, '/', '', false, true, ['samesite'=>'Strict']); // @codeCoverageIgnore
            \session_start(); // @codeCoverageIgnore
        }