From: Moritz Bunkus <m.bunkus@linet.de>
Date: Mon, 11 Apr 2022 13:26:57 +0000 (+0200)
Subject: SameSite-Attribut des Session-Cookies auf Strict setzen
X-Git-Tag: kivitendo-mebil_0.1-0~10^2~2^2~55
X-Git-Url: http://wagnertech.de/git?p=kivitendo-erp.git;a=commitdiff_plain;h=86751c7ae29073882765941b5c636a178b2d6d19

SameSite-Attribut des Session-Cookies auf Strict setzen
---

diff --git a/SL/Form.pm b/SL/Form.pm
index 46c7f6ea5..fd79b9628 100644
--- a/SL/Form.pm
+++ b/SL/Form.pm
@@ -389,6 +389,7 @@ sub create_http_response {
                                      '-path'    => $uri->path,
                                      '-expires' => '+' . $::auth->{session_timeout} . 'm',
                                      '-secure'  => $::request->is_https);
+      $session_cookie = "$session_cookie; SameSite=strict";
     }
   }