From cbdedbeec327a68821285f6b956a5aa7ec5eccae Mon Sep 17 00:00:00 2001
From: zubfatal
Date: Fri, 21 Feb 2020 17:46:06 +0100
Subject: [PATCH] Added support for 'samesite' cookie option (PHP 7.3.0+)
---
 src/SecureHandler.php | 35 +++++++++++++++++++++++------------
 1 file changed, 23 insertions(+), 12 deletions(-)
diff --git a/src/SecureHandler.php b/src/SecureHandler.php
index 3beaaba..8e94ab4 100644
--- a/src/SecureHandler.php
+++ b/src/SecureHandler.php
@@ -146,18 +146,29 @@ protected function getKey($name)
 $key = random_bytes(64); // 32 for encryption and 32 for authentication
 $cookieParam = session_get_cookie_params();
 $encKey = base64_encode($key);
- setcookie(
- $name,
- $encKey,
- // if session cookie lifetime > 0 then add to current time
- // otherwise leave it as zero, honoring zero's special meaning
- // expire at browser close.
- ($cookieParam['lifetime'] > 0) ? time() + $cookieParam['lifetime'] : 0,
- $cookieParam['path'],
- $cookieParam['domain'],
- $cookieParam['secure'],
- $cookieParam['httponly']
- );
+ // if session cookie lifetime > 0 then add to current time
+ // otherwise leave it as zero, honoring zero's special meaning
+ // expire at browser close.
+ $expires = ($cookieParam['lifetime'] > 0) ? time() + $cookieParam['lifetime'] : 0;
+
+ if (version_compare(PHP_VERSION, '7.3.0', '>=')) {
+ // PHP 7.3.0+ can use options as array,
+ // however session_get_cookie_params() returns 'lifetime',
+ // but setting the options via array requires you to use 'expires'
+ $cookieParam['expires'] = $expires;
+ unset($cookieParam['lifetime']);
+ setcookie($name, $encKey, $cookieParam);
+ } else {
+ setcookie(
+ $name,
+ $encKey,
+ $expires,
+ $cookieParam['path'],
+ $cookieParam['domain'],
+ $cookieParam['secure'],
+ $cookieParam['httponly']
+ );
+ }
 $_COOKIE[$name] = $encKey;
 } else {
 $key = base64_decode($_COOKIE[$name]);
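Review bot: Both `setcookie()` branches copy `secure` and `httponly` (and on 7.3+ `samesite`) unchanged from `session_get_cookie_params()`, so under PHP's stock session settings the cookie carrying the 64-byte encryption/authentication key is issued without HttpOnly, Secure or SameSite. Page script never needs to read this cookie, so consider adding `$cookieParam['httponly'] = true;` before the version check, and a comment that `session.cookie_secure` and `session.cookie_samesite` must be configured for the key cookie to get those attributes. The return value of `setcookie()` is also ignored in both branches: if headers were already sent, `$_COOKIE[$name] = $encKey;` still runs and the session would be written with a key the browser never received. getKey() starts and ends outside this hunk, so the surrounding handling is not visible here.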