Allow the SameSite option to be configured for lumberjack_session cookie

Rareloop · Aug 16, 2021 · 7dc3466 · 7dc3466
1 parent d877406
commit 7dc3466
Showing 1 changed file with 9 additions and 12 deletions.
diff --git a/src/Providers/SessionServiceProvider.php b/src/Providers/SessionServiceProvider.php
@@ -33,22 +33,19 @@ public function boot()
 
         add_action('send_headers', function () use (&$cookieSet) {
             if (!$cookieSet) {
-                $cookieOptions = [
-                    'lifetime' => Config::get('session.lifetime', 120),
-                    'path' => Config::get('session.path', '/'),
-                    'domain' => Config::get('session.domain', null),
-                    'secure' => Config::get('session.secure', false),
-                    'httpOnly' => Config::get('session.http_only', true),
-                ];
+                $lifetime = Config::get('session.lifetime', 120);
 
                 setcookie(
                     $this->session->getName(),
                     $this->session->getId(),
-                    time() + ($cookieOptions['lifetime'] * 60),
-                    $cookieOptions['path'],
-                    $cookieOptions['domain'],
-                    $cookieOptions['secure'],
-                    $cookieOptions['httpOnly']
+                    [
+                        'expires' => time() + ($lifetime * 60),
+                        'path' => Config::get('session.path', '/'),
+                        'domain' => Config::get('session.domain', null),
+                        'secure' => Config::get('session.secure', false),
+                        'httponly' => Config::get('session.http_only', true),
+                        'samesite' => Config::get('session.same_site', 'strict'),
+                    ]
                 );
 
                 $cookieSet = true;