KillGorack Posted October 7, 2018 Share Posted October 7, 2018 Hi, Playing with hardening a little, and implemented samesite flag within a cookie, or at least tried to. Code like: session_set_cookie_params(0, "/; SameSite=Strict", "domain.com", true, true); $params = session_get_cookie_params(); session_start(); setcookie("PHPSESSID", session_id(), $params["lifetime"], $params["path"], $params["domain"], $params["secure"], $params["httponly"]); Warning: PHP Warning: Cookie paths cannot contain any of the following ',; \t\r\n\013\014' in /homepages/39/d582945504/htdocs/portal-x/inc/cookies.php on line 21 Not sure if it's a huge deal to just leave that out.. 1 Quote Link to comment Share on other sites More sharing options...
requinix Posted October 7, 2018 Share Posted October 7, 2018 Are you on 7.3? Use the array syntax with session_set_cookie_params. Quote Link to comment Share on other sites More sharing options...
KillGorack Posted October 14, 2018 Author Share Posted October 14, 2018 Thanks for the reply, I have access to 7.3, but the production server is 7.2. Does this make a difference? This is of course I think because the presence of the semicolon below within the "samesite" attribute. session_set_cookie_params(0, "/; SameSite=Strict", "domain.com", true, true); Looking for syntax of that array method. Can you help a guy out with an example? Quote Link to comment Share on other sites More sharing options...
requinix Posted October 14, 2018 Share Posted October 14, 2018 Examples. But if production is on 7.2 then you have to support 7.2. if (PHP_VERSION_ID >= 70300) { // array syntax } else { // workaround syntax } Quote Link to comment Share on other sites More sharing options...
Recommended Posts
Join the conversation
You can post now and register later. If you have an account, sign in now to post with your account.