New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

path, domain and secure parameters of setcookie method made configurable #89

merged 3 commits into from Oct 5, 2017


None yet
1 participant

mebjas commented Oct 5, 2017

Based on asks to set path, domain and secure flags while setting cookie, this PR makes these parameters configurable. These can be set in cookieConfig key in config.php.

mebjas added some commits Oct 5, 2017

Added support for cookieConfig in config
cookieConfig allows you to set different settings for setcookie method
which is used to set csrfp token.
@@ -15,6 +15,6 @@ CSRFProtector configuration
- `customErrorMessage`: **Error Message** to be shown to user. Only this text will be shown!<br>**Default: null**
- `jsUrl`: **Absolute url** of the js file. (See [Setting up]( for more information)
- `tokenLength`: length of csrfp token, Default `10`
- `secureCookie`: sets the "secure" HTTPS flag on the cookie. <br>**Default: `false`**
- `cookieConfig`: Array of parameter values for set cookie method. supports three properties: `path`, `domain`, `secure`. They have same meaning as respective parameters of `setcookie` method in php have: [learn more -]

This comment has been minimized.


mebjas Oct 5, 2017


have same meaning as respective parameters of setcookie method in php have

last have not needed.

* test secure flag is set in the token cookie when requested
@ -150,11 +179,17 @@ public function testSecureCookie()
$_SESSION[csrfprotector::$config['CSRFP_TOKEN']] = array('123abcd');
csrfprotector::$config['secureCookie'] = false;
csrfprotector::$config['cookieConfig'] = array('secure' => false);

This comment has been minimized.


mebjas Oct 5, 2017


Although the test is passing, this should also be set using reflection as this line is not essentially making a differemce

@mebjas mebjas merged commit 756129f into master Oct 5, 2017

2 checks passed

continuous-integration/travis-ci/pr The Travis CI build passed
continuous-integration/travis-ci/push The Travis CI build passed

@mebjas mebjas deleted the dev-master branch Oct 5, 2017

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment