cookie samesite flag causing warning

[KillGorack]

Hi,

Playing with hardening a little, and implemented samesite flag within a cookie, or at least tried to.

 

Code like:

session_set_cookie_params(0, "/; SameSite=Strict", "domain.com", true, true);
$params = session_get_cookie_params();
session_start();
setcookie("PHPSESSID", session_id(), $params["lifetime"], $params["path"], $params["domain"], $params["secure"], $params["httponly"]);

Warning:

PHP Warning: Cookie paths cannot contain any of the following ',; \t\r\n\013\014' in /homepages/39/d582945504/htdocs/portal-x/inc/cookies.php on line 21

Not sure if it's a huge deal to just leave that out..

[requinix]

Are you on 7.3? Use the array syntax with session_set_cookie_params.

[KillGorack]

Thanks for the reply,

I have access to 7.3, but the production server is 7.2. Does this make a difference? This is of course I think because the presence of the semicolon below within the "samesite" attribute.

session_set_cookie_params(0, "/; SameSite=Strict", "domain.com", true, true);

Looking for syntax of that array method. Can you help a guy out with an example?

[requinix]

Examples. But if production is on 7.2 then you have to support 7.2.

if (PHP_VERSION_ID >= 70300) {
	// array syntax
} else {
	// workaround syntax
}