Add cookie_samesite

Signed-off-by: Doug Sheffer <desheffer@gmail.com>
laminas · Jul 30, 2020 · 9791e07 · 9791e07
1 parent 3b7181c
commit 9791e07
Show file tree

Hide file tree

Showing 5 changed files with 95 additions and 0 deletions.
diff --git a/docs/book/config.md b/docs/book/config.md
@@ -22,6 +22,7 @@ Option                    | Data Type | Description
 `cookie_httponly`         | `boolean` | Marks the cookie as accessible only through the HTTP protocol.
 `cookie_lifetime`         | `integer` | Specifies the lifetime of the cookie in seconds which is sent to the browser.
 `cookie_path`             | `string`  | Specifies path to set in the session cookie.
+`cookie_samesite`         | `string`  | Specifies whether cookies should be sent along with cross-site requests. Added in PHP 7.3.0.
 `cookie_secure`           | `boolean` | Specifies whether cookies should only be sent over secure connections.
 `entropy_length`          | `integer` | Specifies the number of bytes which will be read from the file specified in entropy_file. Removed in PHP 7.1.0.
 `entropy_file`            | `string`  | Defines a path to an external resource (file) which will be used as an additional entropy. Removed in PHP 7.1.0.

diff --git a/src/Config/ConfigInterface.php b/src/Config/ConfigInterface.php
@@ -37,6 +37,9 @@ public function getCookiePath();
     public function setCookieDomain($cookieDomain);
     public function getCookieDomain();
 
+    public function setCookieSameSite($cookieSameSite);
+    public function getCookieSameSite();
+
     public function setCookieSecure($cookieSecure);
     public function getCookieSecure();
 

diff --git a/src/Config/StandardConfig.php b/src/Config/StandardConfig.php
@@ -52,6 +52,13 @@ class StandardConfig implements ConfigInterface
      */
     protected $cookieDomain;
 
+    /**
+     * session.cookie_samesite
+     *
+     * @var string
+     */
+    protected $cookieSameSite;
+
     /**
      * session.cookie_secure
      *
@@ -495,6 +502,32 @@ public function getCookieDomain()
         return $this->cookieDomain;
     }
 
+    /**
+     * Set session.cookie_samesite
+     *
+     * @param  string $cookieSameSite
+     * @return StandardConfig
+     */
+    public function setCookieSameSite($cookieSameSite)
+    {
+        $this->cookieSameSite = (string) $cookieSameSite;
+        $this->setStorageOption('cookie_samesite', $this->cookieSameSite);
+        return $this;
+    }
+
+    /**
+     * Get session.cookie_samesite
+     *
+     * @return string
+     */
+    public function getCookieSameSite()
+    {
+        if (null === $this->cookieSameSite) {
+            $this->cookieSameSite = $this->getStorageOption('cookie_samesite');
+        }
+        return $this->cookieSameSite;
+    }
+
     /**
      * Set session.cookie_secure
      *
@@ -880,6 +913,7 @@ public function toArray()
             'cookie_httponly'     => $this->getCookieHttpOnly(),
             'cookie_lifetime'     => $this->getCookieLifetime(),
             'cookie_path'         => $this->getCookiePath(),
+            'cookie_samesite'     => $this->getCookieSameSite(),
             'cookie_secure'       => $this->getCookieSecure(),
             'name'                => $this->getName(),
             'remember_me_seconds' => $this->getRememberMeSeconds(),

diff --git a/test/Config/SessionConfigTest.php b/test/Config/SessionConfigTest.php
@@ -400,6 +400,34 @@ public function testSettingInvalidCookieDomainRaisesException2()
         $this->config->setCookieDomain('D:\\WINDOWS\\System32\\drivers\\etc\\hosts');
     }
 
+    // session.cookie_samesite
+
+    /**
+     * @requires PHP 7.3
+     */
+    public function testCookieSameSiteDefaultsToIniSettings()
+    {
+        $this->assertSame(ini_get('session.cookie_samesite'), $this->config->getCookieSameSite());
+    }
+
+    /**
+     * @requires PHP 7.3
+     */
+    public function testCookieSameSiteIsMutable()
+    {
+        $this->config->setCookieSameSite('Strict');
+        $this->assertEquals('Strict', $this->config->getCookieSameSite());
+    }
+
+    /**
+     * @requires PHP 7.3
+     */
+    public function testCookieSameSiteAltersIniSetting()
+    {
+        $this->config->setCookieSameSite('Strict');
+        $this->assertEquals('Strict', ini_get('session.cookie_samesite'));
+    }
+
     // session.cookie_secure
 
     public function testCookieSecureDefaultsToIniSettings()
@@ -1183,6 +1211,15 @@ public function optionsProvider()
             ];
         }
 
+        // New options as of PHP 7.3.0
+        if (PHP_VERSION_ID >= 70300) {
+            $commonOptions[] = [
+                'cookie_samesite',
+                'getCookieSameSite',
+                'Lax',
+            ];
+        };
+
         return $commonOptions;
     }
 

diff --git a/test/Config/StandardConfigTest.php b/test/Config/StandardConfigTest.php
@@ -229,6 +229,17 @@ public function testSettingInvalidCookieDomainRaisesException2()
         $this->config->setCookieDomain('D:\\WINDOWS\\System32\\drivers\\etc\\hosts');
     }
 
+    // session.cookie_samesite
+
+    /**
+     * @requires PHP 7.3
+     */
+    public function testCookieSameSiteIsMutable()
+    {
+        $this->config->setCookieSameSite('Strict');
+        $this->assertEquals('Strict', $this->config->getCookieSameSite());
+    }
+
     // session.cookie_secure
 
     public function testCookieSecureIsMutable()
@@ -763,6 +774,15 @@ public function optionsProvider()
             ];
         }
 
+        // New options as of PHP 7.3.0
+        if (PHP_VERSION_ID >= 70300) {
+            $commonOptions[] = [
+                'cookie_samesite',
+                'getCookieSameSite',
+                'Lax',
+            ];
+        };
+
         return $commonOptions;
     }