implement same site cookie see https://bugs.php.net/bug.php?id=72230 see https://tools.ietf.org/html/draft-west-first-party-cookies-07 see https://scotthelme.co.uk/csrf-is-dead/

author: Frederik Bosch <f.bosch@genkgo.nl> 2017-07-07 19:06:53 +0200
committer: Christoph M. Becker <cmbecker69@gmx.de> 2018-07-31 12:40:24 +0200
commit: 08b9310e6d8fc83e785213aab95afbec4d248c0f (patch)
tree: b9e14ee7c30226e790503aeadbfbf8dacd47da7f /php.ini-development
parent: 3ccd98547828297e52f04885840facc4856dcb1f (diff)
download: php-git-08b9310e6d8fc83e785213aab95afbec4d248c0f.tar.gz
1 files changed, 5 insertions, 0 deletions
diff --git a/php.ini-development b/php.ini-development
index af2cf1092f..9edeb0780a 100644
--- a/php.ini-development
+++ b/php.ini-development
@@ -1390,6 +1390,11 @@ session.cookie_domain =
 ; http://php.net/session.cookie-httponly
 session.cookie_httponly =
 
+; Add SameSite attribute to cookie to help mitigate Cross-Site Request Forgery (CSRF/XSRF)
+; Current valid values are "Lax" or "Strict"
+; https://tools.ietf.org/html/draft-west-first-party-cookies-07
+session.cookie_samesite =
+
 ; Handler used to serialize data. php is the standard serializer of PHP.
 ; http://php.net/session.serialize-handler
 session.serialize_handler = php
author	Frederik Bosch <f.bosch@genkgo.nl>	2017-07-07 19:06:53 +0200
committer	Christoph M. Becker <cmbecker69@gmx.de>	2018-07-31 12:40:24 +0200
commit	08b9310e6d8fc83e785213aab95afbec4d248c0f (patch)
tree	b9e14ee7c30226e790503aeadbfbf8dacd47da7f /php.ini-development
parent	3ccd98547828297e52f04885840facc4856dcb1f (diff)
download	php-git-08b9310e6d8fc83e785213aab95afbec4d248c0f.tar.gz