diff options
| author | Andrey Andreev <narf@devilix.net> | 2022-01-05 17:52:24 +0100 |
|---|---|---|
| committer | Andrey Andreev <narf@devilix.net> | 2022-01-05 17:52:24 +0100 |
| commit | 1a2651040ef701e750b1c13cd69cc70814b079d0 (patch) | |
| tree | 50d2317b96af4f26945f8a1f8a59c37629ce4586 /user_guide_src/source | |
| parent | f370f2c042905e521fa3a25283f7e275606a8724 (diff) | |
Add SameSite cookie support to Session library
Diffstat (limited to 'user_guide_src/source')
| -rw-r--r-- | user_guide_src/source/changelog.rst | 1 | ||||
| -rw-r--r-- | user_guide_src/source/libraries/sessions.rst | 2 |
2 files changed, 3 insertions, 0 deletions
diff --git a/user_guide_src/source/changelog.rst b/user_guide_src/source/changelog.rst index 0c61136c3..0e347f891 100644 --- a/user_guide_src/source/changelog.rst +++ b/user_guide_src/source/changelog.rst @@ -17,6 +17,7 @@ Release Date: Not Released - Updated :doc:`Database Library <database/index>` 'pdo' driver to attempt to free resources in order to allow connections to be closed. - Added ``SameSite=Strict`` attribute to the CSRF cookie sent by the :doc:`Security Class <libraries/security>`. - Added ``$config['cookie_samesite']`` option and ``$samesite`` parameter to :doc:`Input Library <libraries/input>` method ``set_cookie()``. + - Added ``SameSite`` support through ``$config['sess_samesite']`` option to the :doc:`Session Library <libraries/sessions>`. - Added a wrapper class around :doc:`Session <libraries/sessions>` drivers to deal with compatibility between PHP 8.1 and older versions. - Updated a lot of code for PHP 8.0 and 8.1 compatibility. diff --git a/user_guide_src/source/libraries/sessions.rst b/user_guide_src/source/libraries/sessions.rst index 994dc2e08..ced4463d0 100644 --- a/user_guide_src/source/libraries/sessions.rst +++ b/user_guide_src/source/libraries/sessions.rst @@ -438,6 +438,8 @@ Preference Default Options ============================ =============== ======================================== ============================================================================================ **sess_driver** files files/database/redis/memcached/*custom* The session storage driver to use. **sess_cookie_name** ci_session [A-Za-z\_-] characters only The name used for the session cookie. +**sess_samesite** ci_session 'Lax', 'Strict' or 'None' SameSite attribute value for session cookies. + Defaults to ``session.cookie_samesite`` on PHP 7.3+ or 'Lax' if not present at all. **sess_expiration** 7200 (2 hours) Time in seconds (integer) The number of seconds you would like the session to last. If you would like a non-expiring session (until browser is closed) set the value to zero: 0 **sess_save_path** NULL None Specifies the storage location, depends on the driver being used. |