Fixed issue #16769: Unable to embed in iframe (using config.php) for …

…Chrome Dev: apply patch from Yii1 before Yii 1.1.23 Dev: see https://github.com/yiisoft/yii/pull/4313/files Dev: cherry-picked Dev: session can be set with samesite:None checked
LimeSurvey · Oct 22, 2020 · 40b57dc · 40b57dc
1 parent d4db1fe
commit 40b57dc
Showing 1 changed file with 15 additions and 1 deletion.
diff --git a/framework/web/CHttpSession.php b/framework/web/CHttpSession.php
@@ -243,20 +243,34 @@ public function getCookieParams()
 	 * @param array $value cookie parameters, valid keys include: lifetime, path,
 	 * domain, secure, httponly. Note that httponly is all lowercase.
 	 * @see http://us2.php.net/manual/en/function.session-set-cookie-params.php
+	 * @see patch from https://github.com/yiisoft/yii/pull/4313/files 
 	 */
 	public function setCookieParams($value)
 	{
 		$data=session_get_cookie_params();
 		extract($data);
 		extract($value);
 		$this->freeze();
-		if(isset($httponly))
+		if(isset($httponly) && isset($samesite))
+		{
+			if(version_compare(PHP_VERSION,'7.3.0','>='))
+				session_set_cookie_params(array('lifetime'=>$lifetime,'path'=>$path,'domain'=>$domain,'secure'=>$secure,'httponly'=>$httponly,'samesite'=>$samesite));
+			else
+			{
+				// Work around for setting sameSite cookie prior PHP 7.3
+				// https://stackoverflow.com/questions/39750906/php-setcookie-samesite-strict/46971326#46971326
+				$path .= '; samesite=' . $samesite;
+				session_set_cookie_params($lifetime,$path,$domain,$secure,$httponly);
+			}
+		}
+		else if(isset($httponly))
 			session_set_cookie_params($lifetime,$path,$domain,$secure,$httponly);
 		else
 			session_set_cookie_params($lifetime,$path,$domain,$secure);
 		$this->unfreeze();
 	}
 
+
 	/**
 	 * @return string how to use cookie to store session ID. Defaults to 'Allow'.
 	 */