- Timestamp:
- Feb 13, 2020 4:47:07 AM (4 years ago)
- File:
-
- 1 edited
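--- a/trunk/lib/App.inc.php
+++ b/trunk/lib/App.inc.php
@@ -1742,4 +1742,5 @@
 * @param bool $secure Indicates that the cookie should only be transmitted over a secure HTTPS connection from the client.
 * @param bool $httponly When TRUE the cookie will be made accessible only through the HTTP protocol (makes cookies unreadable to javascript).
+* @param string $samesite Value of the SameSite key ('None', 'Lax', or 'Strict'). PHP 7.3+ only.
 * @return bool True on success, false on error.
 * @author Quinn Comendant <quinn@strangecode.com>
@@ -1747,5 +1748,5 @@
 * @since 02 May 2014 16:36:34
 */
-public function setCookie($name, $value, $expire='+10 years', $path='/', $domain=null, $secure=null, $httponly=null )
+public function setCookie($name, $value, $expire='+10 years', $path='/', $domain=null, $secure=null, $httponly=null, $samesite=null)
 {
 if (!is_scalar($name)) {
@@ -1762,4 +1763,5 @@
 $secure = $secure ?: getenv('HTTPS') == 'on';
 $httponly = $httponly ?: true;
+$samesite = $samesite ?: 'Lax';
 
 // Make sure the expiration date is a valid 32bit integer.
@@ -1770,6 +1772,6 @@
 // Measure total cookie length and warn if larger than max recommended size of 4093.
 // https://stackoverflow.com/questions/640938/what-is-the-maximum-size-of-a-web-browsers-cookies-key
-// The date the header name include51 bytes: Set-Cookie: ; expires=Fri, 03-May-2024 00:04:47 GMT
-$cookielen = strlen($name . $value . $path . $domain . ($secure ? '; secure' : '') . ($httponly ? '; httponly' : '') ) + 51;
+// The date and header name adds 51 bytes: Set-Cookie: ; expires=Fri, 03-May-2024 00:04:47 GMT
+$cookielen = strlen($name . $value . $path . $domain . ($secure ? '; secure' : '') . ($httponly ? '; httponly' : '') . ($samesite ? '; SameSite=' . $samesite : '')) + 51;
 if ($cookielen > 4093) {
 $this->logMsg(sprintf('Cookie "%s" has a size greater than 4093 bytes (is %s bytes)', $key, $cookielen), LOG_NOTICE, __FILE__, __LINE__);
@@ -1777,5 +1779,14 @@
 
 // Ensure PHP version allow use of httponly.
-if (version_compare(PHP_VERSION, '5.2.0', '>=')) {
+if (version_compare(PHP_VERSION, '7.3.0', '>=')) {
+$ret = setcookie($name, $value, [
+'expires' => $expire,
+'path' => $path,
+'domain' => $domain,
+'secure' => $secure,
+'httponly' => $httponly,
+'samesite' => $samesite,
+]);
+} else if (version_compare(PHP_VERSION, '5.2.0', '>=')) {
 $ret = setcookie($name, $value, $expire, $path, $domain, $secure, $httponly);
 } else {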
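Review bot: `$samesite` reaches `setcookie()` in the new PHP 7.3+ branch without being checked against the three values the docblock lists, so a typo or an unexpected caller-supplied string would end up in the cookie options as-is. An allow-list right after the default, e.g. `if (!in_array($samesite, ['None', 'Lax', 'Strict'], true)) { $samesite = 'Lax'; }`, would keep the attribute well-formed. 'None' is also only honoured by current browsers together with the Secure flag, and `$secure` here can end up false when `getenv('HTTPS')` is not 'on', so that combination deserves a logged notice. On PHP older than 7.3 the fallback branch drops the attribute silently, so the cross-site request protection a caller expects from 'Lax' or 'Strict' is absent there without any signal; a `logMsg()` call in that branch would make it visible. The body of setCookie() continues beyond the last hunk shown.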