From 1a2651040ef701e750b1c13cd69cc70814b079d0 Mon Sep 17 00:00:00 2001
From: Andrey Andreev <narf@devilix.net>
Date: Wed, 5 Jan 2022 18:52:24 +0200
Subject: Add SameSite cookie support to Session library

---
 system/libraries/Session/Session_driver.php | 24 +++++++++++++++++++-----
 1 file changed, 19 insertions(+), 5 deletions(-)

(limited to 'system/libraries/Session/Session_driver.php')

diff --git a/system/libraries/Session/Session_driver.php b/system/libraries/Session/Session_driver.php
index d78492b5e..b1b1b073e 100644
--- a/system/libraries/Session/Session_driver.php
+++ b/system/libraries/Session/Session_driver.php
@@ -140,14 +140,28 @@ abstract class CI_Session_driver {
 	 */
 	protected function _cookie_destroy()
 	{
+		if ( ! is_php('7.3'))
+		{
+			$header = 'Set-Cookie: '.$this->_config['cookie_name'].'=';
+			$header .= '; Expires='.gmdate('D, d-M-Y H:i:s T', 1).'; Max-Age=-1';
+			$header .= '; Path='.$this->_config['cookie_path'];
+			$header .= ($this->_config['cookie_domain'] !== '' ? '; Domain='.$this->_config['cookie_domain'] : '');
+			$header .= ($this->_config['cookie_secure'] ? '; Secure' : '').'; HttpOnly; SameSite='.$this->_config['cookie_samesite'];
+			header($header);
+			return;
+		}
+
 		return setcookie(
 			$this->_config['cookie_name'],
 			NULL,
-			1,
-			$this->_config['cookie_path'],
-			$this->_config['cookie_domain'],
-			$this->_config['cookie_secure'],
-			TRUE
+			array(
+				'expires' => 1,
+				'path' => $this->_config['cookie_path'],
+				'domain' => $this->_config['cookie_domain'],
+				'secure' => $this->_config['cookie_secure'],
+				'httponly' => TRUE,
+				'samesite' => $this->_config['cookie_samesite']
+			)
 		);
 	}
 
-- 
cgit v1.2.3-24-g4f1b