author | Frederik Bosch <f.bosch@genkgo.nl> | 2017-07-07 19:06:53 +0200 |
---|---|---|
committer | Christoph M. Becker <cmbecker69@gmx.de> | 2018-07-31 12:40:24 +0200 |
commit | 08b9310e6d8fc83e785213aab95afbec4d248c0f (patch) | |
tree | b9e14ee7c30226e790503aeadbfbf8dacd47da7f /php.ini-production | |
parent | 3ccd98547828297e52f04885840facc4856dcb1f (diff) | |
download | php-git-08b9310e6d8fc83e785213aab95afbec4d248c0f.tar.gz |
implement same site cookie see https://bugs.php.net/bug.php?id=72230 see https://tools.ietf.org/html/draft-west-first-party-cookies-07 see https://scotthelme.co.uk/csrf-is-dead/
Diffstat (limited to 'php.ini-production')
-rw-r--r-- | php.ini-production | 5 |
1 files changed, 5 insertions, 0 deletions
diff --git a/php.ini-production b/php.ini-production
index 59f9f6fd50..dbd417558f 100644
--- a/php.ini-production
+++ b/php.ini-production
@@ -1397,6 +1397,11 @@ session.cookie_domain =
 ; http://php.net/session.cookie-httponly
 session.cookie_httponly =
 
+; Add SameSite attribute to cookie to help mitigate Cross-Site Request Forgery (CSRF/XSRF)
+; Current valid values are "Lax" or "Strict"
+; https://tools.ietf.org/html/draft-west-first-party-cookies-07
+session.cookie_samesite =
+
 ; Handler used to serialize data. php is the standard serializer of PHP.
 ; http://php.net/session.serialize-handler
 session.serialize_handler = php
|
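Review bot: The comment block added above `session.cookie_samesite =` names the accepted values but not what the empty value shipped in this production template does. If, as the blank setting suggests, empty means no SameSite attribute is sent, session cookies get no protection until an administrator opts in, and the comment should say so, e.g. `; Leave empty to not set the SameSite attribute (default).` The comment should also state that the attribute is defence in depth: browsers that do not implement the draft ignore it, so applications still need their own CSRF tokens. A one-line hint such as `; "Lax" still sends the cookie on top-level GET navigations; "Strict" withholds it on all cross-site requests` would let operators choose a value without reading the draft.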