SameSite-Attribut des Session-Cookies auf Strict setzen

author Moritz Bunkus <m.bunkus@linet.de>

Mon, 11 Apr 2022 13:26:57 +0000 (15:26 +0200)

committer Moritz Bunkus <m.bunkus@linet.de>

Mon, 11 Apr 2022 13:26:57 +0000 (15:26 +0200)
author Moritz Bunkus <m.bunkus@linet.de>
Mon, 11 Apr 2022 13:26:57 +0000 (15:26 +0200)
committer Moritz Bunkus <m.bunkus@linet.de>
Mon, 11 Apr 2022 13:26:57 +0000 (15:26 +0200)
diff --git a/SL/Form.pm b/SL/Form.pm

index 46c7f6e..fd79b96 100644 (file)
--- a/SL/Form.pm
+++ b/SL/Form.pm
@@ -389,6 +389,7 @@ sub create_http_response {
                                       '-path'    => $uri->path,
                                       '-expires' => '+' . $::auth->{session_timeout} . 'm',
                                       '-secure'  => $::request->is_https);
+      $session_cookie = "$session_cookie; SameSite=strict";
      }
    }
author	Moritz Bunkus <m.bunkus@linet.de>
	Mon, 11 Apr 2022 13:26:57 +0000 (15:26 +0200)
committer	Moritz Bunkus <m.bunkus@linet.de>
	Mon, 11 Apr 2022 13:26:57 +0000 (15:26 +0200)