From efc6290aea7124d7cf83af7b8db0324faa9a51a4 Mon Sep 17 00:00:00 2001
From: Muhammad Ridwan Na'im
Date: Fri, 22 Oct 2021 14:18:43 +0700
Subject: [PATCH] Memperbaiki konfigurasi cookie samesite dan cookie secure
---
 system/core/Security.php | 6 +++---
 system/libraries/Session/Session.php | 2 +-
 2 files changed, 4 insertions(+), 4 deletions(-)
diff --git a/system/core/Security.php b/system/core/Security.php
index 2a91d59..a6beaeb 100644
--- a/system/core/Security.php
+++ b/system/core/Security.php
@@ -276,12 +276,12 @@ public function csrf_set_cookie()
 $this->_csrf_cookie_name,
 $this->_csrf_hash,
 array(
- 'samesite' => 'None',
- 'secure' => true,
+ 'samesite' => config_item('cookie_samesite'),
+ 'secure' => config_item('cookie_secure'),
 'expires' => $expire,
 'path' => config_item('cookie_path'),
 'domain' => config_item('cookie_domain'),
- 'httponly' => config_item('cookie_httponly')
+ 'httponly' => TRUE // Not configureable for security reason
 )
 );
 log_message('info', 'CSRF cookie sent');
diff --git a/system/libraries/Session/Session.php b/system/libraries/Session/Session.php
index 9e86c9d..8d2e391 100644
--- a/system/libraries/Session/Session.php
+++ b/system/libraries/Session/Session.php
@@ -173,7 +173,7 @@ public function __construct(array $params = array())
 $this->_config['cookie_name'],
 session_id(),
 array(
- 'samesite' => 'None',
+ 'samesite' => config_item('cookie_samesite'),
 'secure' => $this->_config['cookie_secure'],
 'expires' => (empty($this->_config['cookie_lifetime']) ? 0 : time() + $this->_config['cookie_lifetime']),
 'path' => $this->_config['cookie_path'],
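Review bot: The `samesite` and `secure` options in csrf_set_cookie() are now read independently, so `cookie_samesite = 'None'` with `cookie_secure = FALSE` yields a cookie that current browsers discard, and CSRF-protected POSTs would then fail validation; the old code hard-coded a consistent pair. Neither file in this commit adds a default for `cookie_samesite`, and config_item() returns NULL for a missing key, so on an unchanged config the attribute is presumably omitted and the browser default applies, which is worth confirming as intended. I would couple the two, e.g. `'secure' => config_item('cookie_secure') || strcasecmp((string) config_item('cookie_samesite'), 'None') === 0,`. Separately, hard-coding `'httponly' => TRUE` stops client-side code from reading the token cookie, so applications that copy it into an AJAX header need a documented alternative. The same `config_item('cookie_samesite')` read appears in the Session.php hunk, and csrf_set_cookie() starts and ends outside this hunk.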
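Review bot: `'samesite' => config_item('cookie_samesite')` bypasses the library's own resolved settings, while every neighbouring option (`cookie_name`, `cookie_secure`, `cookie_lifetime`, `cookie_path`) comes from `$this->_config`. Any value the library resolves or overrides for its cookie settings, presumably including entries passed in `$params`, therefore cannot reach this attribute. I would resolve it alongside the other cookie settings and write `'samesite' => $this->_config['cookie_samesite'],` here; the code that populates `$this->_config` is outside this hunk. If this setcookie() call re-sends a cookie that session_start() already issued, as the use of `session_id()` suggests, check that the first cookie gets the same SameSite value, otherwise the two can disagree. __construct() begins and ends outside the hunk.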