Jakach/jakach-login
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

fixing session coockie to set to http only and secure
Deploy / deploy (push) Successful in 1m54s
Details

Browse Source
This commit is contained in:
janis steiner
2026-05-15 09:53:18 +02:00
parent de5b21322c
commit 6e09214182
3 changed files with 12 additions and 11 deletions
Download Patch File Download Diff File Expand all files Collapse all files
app-code/api/utils/security.php
+2 -8
View File
@@ -6,14 +6,11 @@ function secure_session_start(): void
return;
}
$is_https = (!empty($_SERVER['HTTPS']) && $_SERVER['HTTPS'] !== 'off')
|| (isset($_SERVER['SERVER_PORT']) && (int) $_SERVER['SERVER_PORT'] === 443);
session_set_cookie_params([
'lifetime' => 0,
'path' => '/',
'domain' => '',
'secure' => $is_https,
'secure' => true,
'httponly' => true,
'samesite' => 'Lax',
]);
@@ -245,13 +242,10 @@ function clear_rate_limit(mysqli $conn, string $bucket, string $identifier = '')
function set_secure_cookie(string $name, string $value, int $expires): void
{
$is_https = (!empty($_SERVER['HTTPS']) && $_SERVER['HTTPS'] !== 'off')
|| (isset($_SERVER['SERVER_PORT']) && (int) $_SERVER['SERVER_PORT'] === 443);
setcookie($name, $value, [
'expires' => $expires,
'path' => '/',
'secure' => $is_https,
'secure' => true,
'httponly' => true,
'samesite' => 'Lax',
]);