Memperbaiki konfigurasi cookie samesite dan cookie secure

noplanalderson · Oct 22, 2021 · efc6290 · efc6290
1 parent be70913
commit efc6290
Show file tree

Hide file tree

Showing 2 changed files with 4 additions and 4 deletions.
diff --git a/system/core/Security.php b/system/core/Security.php
@@ -276,12 +276,12 @@ public function csrf_set_cookie()
 			$this->_csrf_cookie_name, 
 			$this->_csrf_hash, 
 				array(
-					'samesite' => 'None', 
-					'secure' => true,
+					'samesite' => config_item('cookie_samesite'), 
+					'secure' => config_item('cookie_secure'),
 					'expires' => $expire, 
 					'path' => config_item('cookie_path'), 
 					'domain' => config_item('cookie_domain'), 
-					'httponly' => config_item('cookie_httponly')
+					'httponly' => TRUE // Not configureable for security reason
 				)
 		);
 		log_message('info', 'CSRF cookie sent');

diff --git a/system/libraries/Session/Session.php b/system/libraries/Session/Session.php
@@ -173,7 +173,7 @@ public function __construct(array $params = array())
 				$this->_config['cookie_name'], 
 				session_id(), 
 				array(
-					'samesite' => 'None', 
+					'samesite' => config_item('cookie_samesite'), 
 					'secure' => $this->_config['cookie_secure'],
 					'expires' => (empty($this->_config['cookie_lifetime']) ? 0 : time() + $this->_config['cookie_lifetime']), 
 					'path' => $this->_config['cookie_path'],