From 1e6a93e3dc5f704c53b9949cc9796883c8c701a3 Mon Sep 17 00:00:00 2001
From: Alex Korn
Date: Sat, 20 Jun 2020 21:45:28 -0500
Subject: [PATCH] Issue #153: Add support for SameSite cookie flag Add support for SameSite cookie flag in PHP >= 7.3.0. I split this out as a separate if statement to keep existing functionality in 7.2.x as similar as possible. When dropping support for 7.2.x, the idea would be to turn the method into just what's in side the version-comparing `if`.
---
 src/Cookie.php | 33 ++++++++++++++++++++++++++-------
 1 file changed, 26 insertions(+), 7 deletions(-)
diff --git a/src/Cookie.php b/src/Cookie.php
index 300e8fd..9303e79 100644
--- a/src/Cookie.php
+++ b/src/Cookie.php
@@ -140,6 +140,7 @@ protected static function getConfig(string $stored): SymmetricConfig
 * @param string $domain (defaults to NULL)
 * @param bool $secure (defaults to TRUE)
 * @param bool $httpOnly (defaults to TRUE)
+ * @param string $samesite (defaults to ''; PHP >= 7.3.0)
 * @return bool
 *
 * @throws InvalidDigestLength
@@ -156,16 +157,34 @@ public function store(
 string $path = '/',
 string $domain = '',
 bool $secure = true,
- bool $httpOnly = true
+ bool $httpOnly = true,
+ string $sameSite = ''
 ): bool {
+ $val = Crypto::encrypt(
+ new HiddenString(
+ (string) \json_encode($value)
+ ),
+ $this->key
+ );
+ if (\version_compare(PHP_VERSION, '7.3.0') >= 0) {
+ $options = [
+ 'expires' => (int) $expire,
+ 'path' => (string) $path,
+ 'domain' => (string) $domain,
+ 'secure' => (bool) $secure,
+ 'httponly' => (bool) $httpOnly,
+ ];
+ if ($sameSite !== '') {
+ $options['samesite'] = (string) $sameSite;
+ }
+ return \setcookie(
+ $name,
+ $val,
+ $options);
+ }
 return \setcookie(
 $name,
- Crypto::encrypt(
- new HiddenString(
- (string) \json_encode($value)
- ),
- $this->key
- ),
+ $val,
 (int) $expire,
 (string) $path,
 (string) $domain,
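Review bot: The added docblock line names the parameter `$samesite`, while the signature in the following hunk spells it `$sameSite`, so the tag does not match the parameter it documents. The phrase "PHP >= 7.3.0" also leaves out what happens on older versions, where the visible code sends the cookie without the attribute. I would write it as `* @param string $sameSite (defaults to ''; expected Lax, Strict or None; not sent on PHP < 7.3.0)`. The docblock starts above this hunk, so the rest of it was not reviewed.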
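Review bot: A non-empty `$sameSite` is dropped without any signal when the `version_compare` branch is not taken, so on PHP below 7.3.0 a caller that asks for `Strict` gets a cookie with no SameSite attribute and none of the cross-site request protection it expected. Inside the branch the value is copied into `$options['samesite']` after only an empty-string check, so as far as this hunk shows a typo or arbitrary string is passed on unchecked. An allow-list of `Lax`, `Strict` and `None` would catch that, and `None` combined with `$secure = false` is worth rejecting too, since current browsers refuse such cookies. I would validate before the version check and fail loudly instead of falling through to the legacy call, as sketched below. The body of `store()` continues past the end of this hunk.

```php
// … unchanged: $val = Crypto::encrypt(...) …
if ($sameSite !== '') {
    $normalized = \strtolower($sameSite);
    if (!\in_array($normalized, ['lax', 'strict', 'none'], true)) {
        throw new \InvalidArgumentException('SameSite must be Lax, Strict or None');
    }
    if ($normalized === 'none' && !$secure) {
        throw new \InvalidArgumentException('SameSite=None requires the Secure flag');
    }
    if (\version_compare(PHP_VERSION, '7.3.0') < 0) {
        throw new \RuntimeException('SameSite cookies require PHP >= 7.3.0');
    }
}
if (\version_compare(PHP_VERSION, '7.3.0') >= 0) {
    // … unchanged: build $options and call \setcookie($name, $val, $options) …
```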