summaryrefslogtreecommitdiffstats
path: root/system/libraries/Session/Session.php
diff options
context:
space:
mode:
authorAndrey Andreev <narf@devilix.net>2022-01-08 16:02:48 +0100
committerAndrey Andreev <narf@devilix.net>2022-01-08 16:02:48 +0100
commit0f7525b6d8ab426b6e973ebb177f96159aec69a4 (patch)
tree201f90cb6220db487f3c984b14685104500aba1e /system/libraries/Session/Session.php
parent77d825a1e91046e1846efc54e777f641e23f31a7 (diff)
[ci skip] Attempt to hack SameSite into session_set_cookie_params() pre-PHP7.3
Diffstat (limited to 'system/libraries/Session/Session.php')
-rw-r--r--system/libraries/Session/Session.php2
1 files changed, 1 insertions, 1 deletions
diff --git a/system/libraries/Session/Session.php b/system/libraries/Session/Session.php
index a62a86f7f..cef5ba499 100644
--- a/system/libraries/Session/Session.php
+++ b/system/libraries/Session/Session.php
@@ -333,7 +333,7 @@ class CI_Session {
{
session_set_cookie_params(
$params['cookie_lifetime'],
- $params['cookie_path'],
+ $params['cookie_path'].'; SameSite='.$params['cookie_samesite'],
$params['cookie_domain'],
$params['cookie_secure'],
TRUE // HttpOnly; Yes, this is intentional and not configurable for security reasons