summaryrefslogtreecommitdiffstats
path: root/user_guide_src
diff options
context:
space:
mode:
Diffstat (limited to 'user_guide_src')
-rw-r--r--user_guide_src/source/changelog.rst2
-rw-r--r--user_guide_src/source/libraries/sessions.rst2
2 files changed, 4 insertions, 0 deletions
diff --git a/user_guide_src/source/changelog.rst b/user_guide_src/source/changelog.rst
index 7bd51c81e..b4278b1cd 100644
--- a/user_guide_src/source/changelog.rst
+++ b/user_guide_src/source/changelog.rst
@@ -145,6 +145,8 @@ Release Date: Not Released
- Added method :doc:`Database Library <database/index>` method ``trans_active()`` to expose transaction state.
- Updated :doc:`Database Library <database/index>` 'pdo' driver to attempt to free resources in order to allow connections to be closed.
- Added ``SameSite=Strict`` attribute to the CSRF cookie sent by the :doc:`Security Class <libraries/security>`.
+ - Added ``$config['cookie_samesite']`` option and ``$samesite`` parameter to :doc:`Input Library <libraries/input>` method ``set_cookie()``.
+ - Added ``SameSite`` support through ``$config['sess_samesite']`` option to the :doc:`Session Library <libraries/sessions>`.
- Added a wrapper class around :doc:`Session <libraries/sessions>` drivers to deal with compatibility between PHP 8.1 and older versions.
- Updated a lot of code for PHP 8.0 and 8.1 compatibility.
diff --git a/user_guide_src/source/libraries/sessions.rst b/user_guide_src/source/libraries/sessions.rst
index f2236c633..b87508aba 100644
--- a/user_guide_src/source/libraries/sessions.rst
+++ b/user_guide_src/source/libraries/sessions.rst
@@ -438,6 +438,8 @@ Preference Default Options
============================ =============== ======================================== ============================================================================================
**sess_driver** files files/database/redis/memcached/*custom* The session storage driver to use.
**sess_cookie_name** ci_session [A-Za-z\_-] characters only The name used for the session cookie.
+**sess_samesite** ci_session 'Lax', 'Strict' or 'None' SameSite attribute value for session cookies.
+ Defaults to ``session.cookie_samesite`` on PHP 7.3+ or 'Lax' if not present at all.
**sess_expiration** 7200 (2 hours) Time in seconds (integer) The number of seconds you would like the session to last.
If you would like a non-expiring session (until browser is closed) set the value to zero: 0
**sess_save_path** NULL None Specifies the storage location, depends on the driver being used.