authorRoeland Jago Douma <rullzer@users.noreply.github.com>2020-02-06 20:37:45 +0100
committerGitHub <noreply@github.com>2020-02-06 20:37:45 +0100
commit3b14cec76646016942bed2c85182c7f66d5a815c (patch)
tree9dec6237d25a60017c67446378302f0a0f395db0 /lib/private
parent730af0013258976dbe5664347eeecd074e5eb440 (diff)
parent2016e57eab1d970e6edd63370e956f462e56c86c (diff)
Merge pull request #17075 from nextcloud/enh/samesitecookies
Only send samesite cookies
Diffstat (limited to 'lib/private')
-rw-r--r--lib/private/Session/CryptoWrapper.php18
-rw-r--r--lib/private/Session/Internal.php12
2 files changed, 27 insertions, 3 deletions
diff --git a/lib/private/Session/CryptoWrapper.php b/lib/private/Session/CryptoWrapper.php
index bbaa907b268..b9dbc90edd6 100644
--- a/lib/private/Session/CryptoWrapper.php
+++ b/lib/private/Session/CryptoWrapper.php
@@ -86,7 +86,23 @@ class CryptoWrapper {
if($webRoot === '') {
$webRoot = '/';
}
- setcookie(self::COOKIE_NAME, $this->passphrase, 0, $webRoot, '', $secureCookie, true);
+
+ if (PHP_VERSION_ID < 70300) {
+ setcookie(self::COOKIE_NAME, $this->passphrase, 0, $webRoot, '', $secureCookie, true);
+ } else {
+ setcookie(
+ self::COOKIE_NAME,
+ $this->passphrase,
+ [
+ 'expires' => 0,
+ 'path' => $webRoot,
+ 'domain' => '',
+ 'secure' => $secureCookie,
+ 'httponly' => true,
+ 'samesite' => 'Lax',
+ ]
+ );
+ }
}
}
}
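Review bot: The `PHP_VERSION_ID < 70300` branch sends the passphrase cookie with no SameSite attribute at all, so on older runtimes the protection this PR adds silently does not apply; that deserves a comment at the branch, e.g. `// PHP < 7.3 has no 'samesite' option: the cookie is then sent without a SameSite attribute.` The choice of `'Lax'` over `'Strict'` is also undocumented; a one-line comment on why cross-site top-level navigations must still carry the cookie would help the next reader. Minor style: the options array is multi-line and could take a trailing comma after `'samesite' => 'Lax'`. `$secureCookie` is computed outside the hunk, and the enclosing method starts before it.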
diff --git a/lib/private/Session/Internal.php b/lib/private/Session/Internal.php
index d235e9eb50b..b9aae76c3b0 100644
--- a/lib/private/Session/Internal.php
+++ b/lib/private/Session/Internal.php
@@ -56,7 +56,7 @@ class Internal extends Session {
set_error_handler([$this, 'trapError']);
$this->invoke('session_name', [$name]);
try {
- $this->invoke('session_start');
+ $this->startSession();
} catch (\Exception $e) {
setcookie($this->invoke('session_name'), '', -1, \OC::$WEBROOT ?: '/');
}
@@ -106,7 +106,7 @@ class Internal extends Session {
public function clear() {
$this->invoke('session_unset');
$this->regenerateId();
- $this->invoke('session_start', [], true);
+ $this->startSession();
$_SESSION = [];
}
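Review bot: The third argument `true` that the removed line passed to `$this->invoke('session_start', [], true)` is dropped, because the new `startSession()` (added in the last hunk of this file) calls `invoke()` without it; whatever that flag controlled in clear() — presumably silencing errors from session_start, verify against invoke()'s signature, which is outside this diff — no longer applies. If the old behaviour is intended, thread it through: `private function startSession(bool $silence = false): void`, pass `$silence` as the third argument to both `invoke()` calls in that helper, and call `$this->startSession(true);` here. The same helper is also used in the first hunk, where the old call passed no flag, so the default keeps that site unchanged.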
@@ -214,4 +214,12 @@ class Internal extends Session {
$this->trapError($e->getCode(), $e->getMessage());
}
}
+
+ private function startSession() {
+ if (PHP_VERSION_ID < 70300) {
+ $this->invoke('session_start');
+ } else {
+ $this->invoke('session_start', [['cookie_samesite' => 'Lax']]);
+ }
+ }
}
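Review bot: The new `startSession()` has no return type and no docblock; declare it `private function startSession(): void` and add a short docblock stating that it wraps session_start() and, on PHP 7.3+, passes `cookie_samesite` so the session cookie is issued with SameSite=Lax for this call only, while older runtimes get no SameSite attribute. A one-line comment on the `PHP_VERSION_ID < 70300` branch noting that the attribute is silently absent there would keep that limitation visible. The class continues outside the hunk.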