adding fix for samesite origin cookie handling under Chrome.
padams committed Sep 16, 2020
1 parent de1514d commit e518e32
Showing 2 changed files with 5 additions and 5 deletions.
8 changes: 4 additions & 4 deletions owa_auth.php
Expand Up @@ -341,19 +341,19 @@ function saveCredentials() {
$this->e->debug('saving user credentials to cookies');

if (PHP_VERSION_ID < 70300) {
setcookie($this->config['ns'].'u', $this->u->get('user_id'), time()+3600*24*365*10, '/; samesite=None', $this->config['cookie_domain']);
setcookie($this->config['ns'].'p', $this->generateAuthCredential( $this->credentials['user_id'], $this->u->get('password') ), time()+3600*24*2, '/; samesite=None', $this->config['cookie_domain']);
setcookie($this->config['ns'].'u', $this->u->get('user_id'), time()+3600*24*365*10, '/; samesite=Lax', $this->config['cookie_domain']);
setcookie($this->config['ns'].'p', $this->generateAuthCredential( $this->credentials['user_id'], $this->u->get('password') ), time()+3600*24*2, '/; samesite=Lax', $this->config['cookie_domain']);
} else {
setcookie($this->config['ns'].'u', $this->u->get('user_id'), [
'expires' => time()+3600*24*365*10,
'path' => '/',
'samesite' => 'None',
'samesite' => 'Lax',
'domain' => $this->config['cookie_domain'],
]);
setcookie($this->config['ns'].'p', $this->generateAuthCredential( $this->credentials['user_id'], $this->u->get('password') ), [
'expires' => time()+3600*24*365*10,
'path' => '/',
'samesite' => 'None',
'samesite' => 'Lax',
'domain' => $this->config['cookie_domain'],
]);
}
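Review bot: The `p` cookie gets two different lifetimes depending on the PHP version: the `PHP_VERSION_ID < 70300` branch expires it after `time()+3600*24*2`, while the options-array branch uses `time()+3600*24*365*10`, so on PHP 7.3+ the value returned by generateAuthCredential() stays in the browser for ten years. The array form for `p` should use `'expires' => time()+3600*24*2,` to match. The same two array calls are also where `'httponly' => true,` and, when the site is served over HTTPS, `'secure' => true,` belong; none of the four calls sets either flag, and SameSite alone does not keep the credential away from page scripts or plain-HTTP requests. Whether any OWA script reads these cookies is not visible here, so confirm that before adding HttpOnly. saveCredentials() starts before this hunk and continues past it.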
2 changes: 1 addition & 1 deletion owa_coreAPI.php
Expand Up @@ -1135,7 +1135,7 @@ public static function notice($msg) {
return;
}

public static function createCookie($cookie_name, $cookie_value, $expires = 0, $path = '/', $domain = '') {
public static function createCookie($cookie_name, $cookie_value, $expires = 0, $path = '/; samesite=Lax', $domain = '') {

if ( $domain ) {
// sanitizes the domain
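Review bot: Putting `; samesite=Lax` into the default value of `$path` makes the attribute depend on callers never passing a path: any call that supplies its own `$path` produces a cookie with no SameSite attribute, and nothing in the signature says so. It also applies the path-suffix trick on every PHP version, whereas saveCredentials() in owa_auth.php limits it to `PHP_VERSION_ID < 70300` and uses the `'samesite'` option otherwise; PHP 7.3 and later may reject a path containing `;`, in which case the cookie would not be set at all, so this is worth testing on a current runtime. I would keep `$path = '/'` in the signature and add SameSite inside the body behind the same version check. The body of createCookie() lies outside this hunk, so how `$path` reaches setcookie() is not visible here.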