correctly secure session-cookie

Signed-off-by: Michael Kaufmann <d00p@froxlor.org>
2022-03-14 23:08:11 +01:00
parent 164b46ece3
commit af6b5f0ec5
1 changed files with 7 additions and 3 deletions
--- a/lib/Froxlor/UI/Panel/UI.php
+++ b/lib/Froxlor/UI/Panel/UI.php
@@ -67,9 +67,13 @@ class UI
 				|| strcasecmp('https', $isHttps) == 0
 			);

-		ini_set("url_rewriter.tags", "");
-		ini_set("session.cookie_httponly", true);
-		ini_set("session.cookie_secure", $isHttps);
+		session_set_cookie_params([
+			'path' => '/',
+			'domain' => $_SERVER['HTTP_HOST'],
+			'secure' => $isHttps,
+			'httponly' => true,
+			'samesite' => 'Strict'
+		]);
 		session_start();

 		header("Content-Type: text/html; charset=UTF-8");