From af6b5f0ec52e9736b20cdc90986c9c48122690e3 Mon Sep 17 00:00:00 2001
From: Michael Kaufmann
Date: Mon, 14 Mar 2022 23:08:11 +0100
Subject: [PATCH] correctly secure session-cookie
Signed-off-by: Michael Kaufmann
---
 lib/Froxlor/UI/Panel/UI.php | 10 +++++++---
 1 file changed, 7 insertions(+), 3 deletions(-)
diff --git a/lib/Froxlor/UI/Panel/UI.php b/lib/Froxlor/UI/Panel/UI.php
index 110c0a7d..cb7ccffc 100644
--- a/lib/Froxlor/UI/Panel/UI.php
+++ b/lib/Froxlor/UI/Panel/UI.php
@@ -67,9 +67,13 @@ class UI
 || strcasecmp('https', $isHttps) == 0 );
- ini_set("url_rewriter.tags", "");
- ini_set("session.cookie_httponly", true);
- ini_set("session.cookie_secure", $isHttps);
+ session_set_cookie_params([
+ 'path' => '/',
+ 'domain' => $_SERVER['HTTP_HOST'],
+ 'secure' => $isHttps,
+ 'httponly' => true,
+ 'samesite' => 'Strict'
+ ]);
 session_start();
 header("Content-Type: text/html; charset=UTF-8");
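Review bot: The `'domain' => $_SERVER['HTTP_HOST']` entry takes the cookie scope from a client-supplied header and leaves the session cookie more widely scoped than the host-only default. With an explicit Domain attribute, browsers also send the cookie to subdomains of that host, and a Host value that carries a port (`panel.example.test:8443`, a constructed example) is not a valid cookie domain, so the browser may discard the cookie and break login on non-standard ports. Dropping the key, or passing `'domain' => ''`, keeps the cookie bound to the exact host that issued it. The commit also removes `ini_set("url_rewriter.tags", "")` without a stated reason; whether that matters depends on the deployment's `session.use_trans_sid` setting, which is not visible here. The enclosing method starts and ends outside the hunk, so how `$isHttps` is derived for `'secure'` cannot be fully checked from these lines.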