use sameSite = strict in PHPSESSION cookie close #147

vincent-peugnet · Dec 24, 2023 · c0a31d3 · c0a31d3
1 parent 7ed78aa
commit c0a31d3
Showing 1 changed file with 4 additions and 1 deletion.
diff --git a/index.php b/index.php
@@ -11,7 +11,10 @@
 $app = new Wcms\Application();
 $app->wakeup();
 
-session_set_cookie_params(['path' => '/' . Wcms\Config::basepath()]);
+session_set_cookie_params([
+    'path' => '/' . Wcms\Config::basepath(),
+    'samesite' => 'Strict'
+]);
 session_start();
 
 if (class_exists('Whoops\Run') && !empty(Wcms\Config::debug())) {