fix siteid cookie to secure

2021-10-18 10:38:41 -04:00
parent 9e70cb193d
commit 5caac014df
27 changed files with 31 additions and 30 deletions
--- a/classes/index.php
+++ b/classes/index.php
@@ -21,6 +21,6 @@
    ini_set('session.use_cookies', '1');
    ini_set('session.use_only_cookies', '1');
    ini_set('session.cookie_lifetime', '0');
-    ini_set('session.cookie_secure', '0');
+    ini_set('session.cookie_secure', '1');
    ini_set('session.cookie_httponly', '1');
    ini_set('session.cookie_samesite', 'Strict');
--- a/classes/misc/csrf.php
+++ b/classes/misc/csrf.php
@@ -33,7 +33,7 @@ class csrf {

                setcookie ( self::makeCookieName($page), $token->cookietoken, [
                    'expires' => $token->expiry,
-                    'secure' => false,
+                    'secure' => true,
                    'httponly' => true,
                    'samesite' => 'Strict',
                ]);
--- a/classes/misc/index.php
+++ b/classes/misc/index.php
@@ -21,6 +21,6 @@
    ini_set('session.use_cookies', '1');
    ini_set('session.use_only_cookies', '1');
    ini_set('session.cookie_lifetime', '0');
-    ini_set('session.cookie_secure', '0');
+    ini_set('session.cookie_secure', '1');
    ini_set('session.cookie_httponly', '1');
    ini_set('session.cookie_samesite', 'Strict');