diff options
-rw-r--r-- | lib/private/Session/CryptoWrapper.php | 18 | ||||
-rw-r--r-- | lib/private/Session/Internal.php | 12 |
2 files changed, 27 insertions, 3 deletions
diff --git a/lib/private/Session/CryptoWrapper.php b/lib/private/Session/CryptoWrapper.php index bbaa907b268..b9dbc90edd6 100644 --- a/lib/private/Session/CryptoWrapper.php +++ b/lib/private/Session/CryptoWrapper.php @@ -86,7 +86,23 @@ class CryptoWrapper { if($webRoot === '') { $webRoot = '/'; } - setcookie(self::COOKIE_NAME, $this->passphrase, 0, $webRoot, '', $secureCookie, true); + + if (PHP_VERSION_ID < 70300) { + setcookie(self::COOKIE_NAME, $this->passphrase, 0, $webRoot, '', $secureCookie, true); + } else { + setcookie( + self::COOKIE_NAME, + $this->passphrase, + [ + 'expires' => 0, + 'path' => $webRoot, + 'domain' => '', + 'secure' => $secureCookie, + 'httponly' => true, + 'samesite' => 'Lax', + ] + ); + } } } } diff --git a/lib/private/Session/Internal.php b/lib/private/Session/Internal.php index d235e9eb50b..b9aae76c3b0 100644 --- a/lib/private/Session/Internal.php +++ b/lib/private/Session/Internal.php @@ -56,7 +56,7 @@ class Internal extends Session { set_error_handler([$this, 'trapError']); $this->invoke('session_name', [$name]); try { - $this->invoke('session_start'); + $this->startSession(); } catch (\Exception $e) { setcookie($this->invoke('session_name'), '', -1, \OC::$WEBROOT ?: '/'); } @@ -106,7 +106,7 @@ class Internal extends Session { public function clear() { $this->invoke('session_unset'); $this->regenerateId(); - $this->invoke('session_start', [], true); + $this->startSession(); $_SESSION = []; } @@ -214,4 +214,12 @@ class Internal extends Session { $this->trapError($e->getCode(), $e->getMessage()); } } + + private function startSession() { + if (PHP_VERSION_ID < 70300) { + $this->invoke('session_start'); + } else { + $this->invoke('session_start', [['cookie_samesite' => 'Lax']]); + } + } } |