build: 7.2.0

David-Polehonski · Aug 27, 2024 · a7ae7a6 · a7ae7a6
2 parents 222c1e0 + 58f8e9d
commit a7ae7a6
Show file tree

Hide file tree

Showing 2 changed files with 14 additions and 10 deletions.
diff --git a/core/appcfc/applicationSettings.cfm b/core/appcfc/applicationSettings.cfm
@@ -145,6 +145,8 @@ this.applicationTimeout = createTimeSpan(3,0,0,0);
 //  Where should cflogin stuff persist
 
 this.sessionManagement = !(left(cgi.path_info,11) == '/_api/rest/');
+this.sessioncookie.secure="true";
+this.sessioncookie.sameSite="none";
 
 if(this.sessionManagement){
 	this.loginStorage = "session";
@@ -579,11 +581,11 @@ if(len(getINIProperty('s3accessKeyId',''))){
 
 if(len(getINIProperty('s3awsSecretKey',''))){
 	this.s3.awsSecretKey=evalSetting(getINIProperty('s3awsSecretKey',''));
-} 
+}
 
 if(len(getINIProperty('s3SecretKey',''))){
 	this.s3.awsSecretKey=evalSetting(getINIProperty('s3SecretKey',''));
-} 
+}
 
 if(len(getINIProperty('s3Acl',''))){
 	this.s3.acl=evalSetting(getINIProperty('s3Acl',''));

diff --git a/core/mura/utility.cfc b/core/mura/utility.cfc
@@ -623,19 +623,19 @@ Blog: www.codfusion.com--->
 				<!--- Lucee uses lowercase cookies the setCookieLegacy method allows it to maintain case--->
 				<cfif server.coldfusion.productname neq 'Coldfusion Server'>
 					<cfif application.configBean.getSessionCookiesExpires() EQ "" OR application.configBean.getSessionCookiesExpires() EQ "session" OR application.configBean.getSessionCookiesExpires() EQ "session only">
-						<cfset setCookieLegacy(name='cfid', value=sessionTokens.CFID, maintainCase=true)>
-						<cfset setCookieLegacy(name='cftoken', value=sessionTokens.CFTOKEN, maintainCase=true)>
+						<cfset setCookie(name='cfid', value=sessionTokens.CFID, maintainCase=true)>
+						<cfset setCookie(name='cftoken', value=sessionTokens.CFTOKEN, maintainCase=true)>
 					<cfelse>
-						<cfset setCookieLegacy(name='cfid', value=sessionTokens.CFID, expires=application.configBean.getSessionCookiesExpires(), maintainCase=true)>
-						<cfset setCookieLegacy(name='cftoken', value=sessionTokens.CFTOKEN, expires=application.configBean.getSessionCookiesExpires(), maintainCase=true)>
+						<cfset setCookie(name='cfid', value=sessionTokens.CFID, expires=application.configBean.getSessionCookiesExpires(), maintainCase=true)>
+						<cfset setCookie(name='cftoken', value=sessionTokens.CFTOKEN, expires=application.configBean.getSessionCookiesExpires(), maintainCase=true)>
 					</cfif>
 				<cfelse>
 					<cfif application.configBean.getSessionCookiesExpires() EQ "" OR application.configBean.getSessionCookiesExpires() EQ "session" OR application.configBean.getSessionCookiesExpires() EQ "session only">
-						<cfset setCookieLegacy(name="CFID", value=sessionTokens.CFID) />
-						<cfset setCookieLegacy(name="CFTOKEN", value=sessionTokens.CFTOKEN)/>
+						<cfset setCookie(name="CFID", value=sessionTokens.CFID) />
+						<cfset setCookie(name="CFTOKEN", value=sessionTokens.CFTOKEN)/>
 					<cfelse>
-						<cfset setCookieLegacy(name="CFID", value=sessionTokens.CFID, expires=application.configBean.getSessionCookiesExpires()) />
-						<cfset setCookieLegacy(name="CFTOKEN", value=sessionTokens.CFTOKEN, expires=application.configBean.getSessionCookiesExpires()) />
+						<cfset setCookie(name="CFID", value=sessionTokens.CFID, expires=application.configBean.getSessionCookiesExpires()) />
+						<cfset setCookie(name="CFTOKEN", value=sessionTokens.CFTOKEN, expires=application.configBean.getSessionCookiesExpires()) />
 					</cfif>
 				</cfif>
 			</cfif>
@@ -668,6 +668,8 @@ Blog: www.codfusion.com--->
 	<cfargument name="expires" type="string" default="never">
   <cfargument name="maintainCase" type="boolean" default="true">
 	<cfargument name="httpOnly" type="boolean" default="true">
+	<cfargument name="secure" type="boolean" default="true">
+	<cfargument name="samesite" type="string" default="none">
 
 	<cfif variables.configBean.getSecureCookies()>
 		<cfset arguments.secure=true>