Set SameSite attribute for session cookie #46

Closed
marein opened this issue May 28, 2020 · 0 comments · Fixed by #48

marein (Owner) commented May 28, 2020

We can use the Lax setting because we adhere to the HTTP protocol and don't use secure methods to change data. It looks like this will protect against CSRF attacks, but it doesn't. Normal forms, let's call them pre-auth, like a login or a contact form, still need to be protected.

@marein marein added this to the Update to symfony 5 milestone May 28, 2020
@marein marein self-assigned this May 28, 2020
@marein marein changed the title Set SameSite attribute in session cookie Set SameSite attribute for session cookie Jun 3, 2020
@marein marein linked a pull request Jun 7, 2020 that will close this issue
@marein marein closed this as completed in #48 Jun 7, 2020
marein added a commit that referenced this issue Jun 7, 2020
* Set SameSite attribute for session cookie #46
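
An added illustration of the reasoning in the comment above (not part of the original issue or the project's code): a simplified JavaScript model of when a browser attaches a `SameSite` cookie to a cross-site request, and why a form that needs no session is unaffected by the attribute. The site names, the endpoints and the `serverAccepts` helper are hypothetical.

```javascript
// Simplified model of the browser's SameSite check. Real browsers compare
// schemes and registrable domains; here a "site" is just a string.
const SAFE_METHODS = new Set(["GET", "HEAD", "OPTIONS", "TRACE"]);

function cookieIsSent(sameSite, req) {
  if (req.initiatorSite === req.targetSite) return true; // same-site: always sent
  if (sameSite === "None") return true;
  if (sameSite === "Strict") return false;
  if (sameSite === "Lax") {
    // Cross-site: only top-level navigations using a safe method carry the cookie.
    return req.topLevelNavigation && SAFE_METHODS.has(req.method);
  }
  throw new Error(`unknown SameSite value: ${sameSite}`);
}

// Hypothetical server: an endpoint may require the session cookie and may
// additionally validate a CSRF token.
function serverAccepts(endpoint, req, sameSite) {
  if (endpoint.requiresSession && !cookieIsSent(sameSite, req)) return false;
  if (endpoint.checksCsrfToken && !req.hasValidCsrfToken) return false;
  return true;
}

// Constructed requests, both initiated by a page on another site.
const crossSite = { initiatorSite: "other.example", targetSite: "app.example",
                    topLevelNavigation: true, hasValidCsrfToken: false };
const crossSitePost = { ...crossSite, method: "POST" };
const crossSiteGet = { ...crossSite, method: "GET" };

// Constructed endpoints.
const changeData = { requiresSession: true, checksCsrfToken: false };     // authenticated POST
const login = { requiresSession: false, checksCsrfToken: false };         // pre-auth form
const loginWithToken = { requiresSession: false, checksCsrfToken: true }; // pre-auth form + token

function results(sameSite) {
  return {
    postChangeData: serverAccepts(changeData, crossSitePost, sameSite),
    getCarriesSession: cookieIsSent(sameSite, crossSiteGet),
    postLogin: serverAccepts(login, crossSitePost, sameSite),
    postLoginWithToken: serverAccepts(loginWithToken, crossSitePost, sameSite),
  };
}

console.log("Lax: ", results("Lax"));
console.log("None:", results("None"));
```

Under `Lax` the cross-site GET still carries the session, which is why the setting only helps when data is never changed through GET, and the pre-auth form is rejected only once it validates its own token.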