From 2d4ddf57cc64f37a76e53403bc1442a54cc01897 Mon Sep 17 00:00:00 2001 From: Andrey Andreev Date: Sat, 8 Jan 2022 17:02:48 +0200 Subject: [ci skip] Attempt to hack SameSite into session_set_cookie_params() pre-PHP7.3 --- system/libraries/Session/Session.php | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) (limited to 'system/libraries/Session/Session.php') diff --git a/system/libraries/Session/Session.php b/system/libraries/Session/Session.php index 9d4561616..8d3ba2857 100644 --- a/system/libraries/Session/Session.php +++ b/system/libraries/Session/Session.php @@ -336,7 +336,7 @@ class CI_Session { { session_set_cookie_params( $params['cookie_lifetime'], - $params['cookie_path'], + $params['cookie_path'].'; SameSite='.$params['cookie_samesite'], $params['cookie_domain'], $params['cookie_secure'], TRUE // HttpOnly; Yes, this is intentional and not configurable for security reasons -- cgit v1.2.3-24-g4f1b