
SameSite cookie support #374

Merged
merged 7 commits into from
Feb 13, 2020
5 changes: 5 additions & 0 deletions data/class/helper/SC_Helper_Session.php
Expand Up @@ -68,6 +68,11 @@ public function sfSessClose()
*/
public function sfSessRead($id)
{
if (empty($_COOKIE['ECSESSID']) && $id !== $_COOKIE['legacy-ECSESSID']) {
// session_id と $_COOKIE['legacy-ECSESSID'] が異なる場合は ECSESSID の cookie が拒否されたと見なす
GC_Utils_Ex::gfPrintLog('replace session id: '.$id.'=>'.$_COOKIE['legacy-ECSESSID']);


$id = $_COOKIE['legacy-ECSESSID']; // $_COOKIE['legacy-ECSESSID'] からセッションデータを読み込む
}
$objQuery = SC_Query_Ex::getSingletonInstance();
$arrRet = $objQuery->select('sess_data', 'dtb_session', 'sess_id = ?', array($id));
if (empty($arrRet)) {
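Review bot: The fallback at the top of `sfSessRead()` reads `$_COOKIE['legacy-ECSESSID']` without an `isset()` guard and without checking its format: when that cookie is absent the condition is still true (`$id !== null`), so `$id` becomes null and the lookup runs on a notice-producing null, and when it is present an arbitrary client-supplied string replaces the session id after PHP has already validated the original id (if `session.use_strict_mode` is on, that validation never sees the substitute) and is written verbatim into the log, so a cookie value containing CR/LF can inject log lines. The query on the next line is parameterised, so this is not SQL injection, but the substitute should be limited to a non-empty value in the session-id alphabet PHP can emit before it is used or logged, as sketched below. Since the trigger is `empty($_COOKIE['ECSESSID'])`, the substitution also fires on a plain first visit with no cookies at all; a comment saying that is intended (`// no primary cookie at all: either rejected by the UA or a first visit`) would help the next reader. The rest of `sfSessRead()` (the empty-result branch) is outside the hunk.
```php
$legacyId = isset($_COOKIE['legacy-ECSESSID']) ? (string) $_COOKIE['legacy-ECSESSID'] : '';
// Honour the fallback cookie only if it looks like an id we could have issued; this
// read handler is the only place the substitute id is ever checked.
if (empty($_COOKIE['ECSESSID']) && $legacyId !== '' && $id !== $legacyId
    && preg_match('/\A[0-9a-zA-Z,-]{22,256}\z/', $legacyId)) {
    GC_Utils_Ex::gfPrintLog('replace session id: ' . $id . '=>' . $legacyId);
    $id = $legacyId;
}
// … unchanged: select sess_data from dtb_session for $id …
```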
8 changes: 7 additions & 1 deletion data/class/sessionfactory/SC_SessionFactory_UseCookie.php
Expand Up @@ -46,11 +46,17 @@ public function initSession()
ini_set('session.cache_limiter', 'none');
// (session.auto_start などで)セッションが開始されていた場合に備えて閉じる。(FIXME: 保存する必要はない。破棄で良い。)
session_write_close();
session_set_cookie_params(0, ROOT_URLPATH, DOMAIN_NAME, $this->getSecureOption(), true);
// FIXME PHP7.3 or higher
session_set_cookie_params(0, ROOT_URLPATH.'; SameSite=None', DOMAIN_NAME, $this->getSecureOption(), true);
$params = session_get_cookie_params();
// セッション開始
// FIXME EC-CUBE をネストしてインストールした場合を考慮して、一意とすべき
session_name('ECSESSID');
session_start();
if (session_id() !== '') {
// SameSite=None を未サポートの UA 向けに cookie を発行する
setcookie('legacy-'.session_name(), session_id(), $params['lifetime'], ROOT_URLPATH, $params['domain'], $params['secure'], true);
}
}

/**
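Review bot: `SameSite=None` is appended to the session cookie unconditionally, but current Chromium-based browsers drop a `SameSite=None` cookie that is not also `Secure`, so when `getSecureOption()` returns false the primary `ECSESSID` cookie is rejected on every request and the shop runs permanently on the `legacy-` fallback, with a fresh session id generated per request; request `None` only when the cookie is secure and otherwise leave the browser default, and on PHP 7.3+ use the array form of `session_set_cookie_params` rather than smuggling the attribute through the path argument (the FIXME on the line above already flags this), as sketched below. Separately, the `legacy-` cookie is written only here at the end of `initSession()`, so any later `session_regenerate_id()` or logout that rotates or destroys the primary id leaves `legacy-ECSESSID` pointing at the old id, which `sfSessRead` will substitute whenever the primary cookie is missing; the legacy cookie needs to be re-issued or cleared wherever the primary id changes, and those call sites are not in this hunk. The enclosing method ends at the hunk's closing brace; the rest of the class is outside it.
```php
$secure = $this->getSecureOption();
// SameSite=None is only honoured by browsers together with Secure, so request it
// over HTTPS only and leave HTTP installs on the browser default.
if (PHP_VERSION_ID >= 70300) {
    $opts = ['lifetime' => 0, 'path' => ROOT_URLPATH, 'domain' => DOMAIN_NAME,
             'secure' => $secure, 'httponly' => true];
    if ($secure) {
        $opts['samesite'] = 'None';
    }
    session_set_cookie_params($opts);
} else {
    // Pre-7.3 has no samesite option; the attribute is smuggled via the path argument.
    $suffix = $secure ? '; SameSite=None' : '';
    session_set_cookie_params(0, ROOT_URLPATH.$suffix, DOMAIN_NAME, $secure, true);
}
$params = session_get_cookie_params();
// … unchanged: session_name / session_start / legacy cookie …
```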