lainwir3d/dolibarr
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

Merge branch 'develop' of git@github.com:Dolibarr/dolibarr.git into develop

Browse Source
This commit is contained in:
Laurent Destailleur 2022-04-14 23:15:05 +02:00
commit 3e5f84b6cd
1 changed files with 28 additions and 2 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

30
htdocs/main.inc.php
View File

@ -280,7 +280,20 @@ if (!empty($_POST["DOL_AUTOSET_COOKIE"])) {
$cookiename = $tmpautoset[0];
$cookievalue = json_encode($cookiearrayvalue);
//var_dump('setcookie cookiename='.$cookiename.' cookievalue='.$cookievalue);
setcookie($cookiename, empty($cookievalue) ? '' : $cookievalue, empty($cookievalue) ? 0 : (time() + (86400 * 354)), '/', null, (empty($dolibarr_main_force_https) ? false : true), true); // keep cookie 1 year and add tag httponly
if (PHP_VERSION_ID < 70300) {
setcookie($cookiename, empty($cookievalue) ? '' : $cookievalue, empty($cookievalue) ? 0 : (time() + (86400 * 354)), '/', null, ((empty($dolibarr_main_force_https) && isHTTPS() === false) ? false : true), true); // keep cookie 1 year and add tag httponly
} else {
// Only available for php >= 7.3
$cookieparams = array(
'expires' => empty($cookievalue) ? 0 : (time() + (86400 * 354)),
'path' => '/',
//'domain' => '.mywebsite.com', // the dot at the beginning allows compatibility with subdomains
'secure' => ((empty($dolibarr_main_force_https) && isHTTPS() === false) ? false : true),
'httponly' => true,
'samesite' => 'Lax' // None || Lax || Strict
);
setcookie($cookiename, empty($cookievalue) ? '' : $cookievalue, $cookieparams);
}
if (empty($cookievalue)) {
unset($_COOKIE[$cookiename]);
}
@ -305,7 +318,20 @@ if (!empty($_COOKIE[$sessiontimeout])) {
// This create lock, released by session_write_close() or end of page.
// We need this lock as long as we read/write $_SESSION ['vars']. We can remove lock when finished.
if (!defined('NOSESSION')) {
session_set_cookie_params(0, '/', null, (empty($dolibarr_main_force_https) ? false : true), true); // Add tag secure and httponly on session cookie (same as setting session.cookie_httponly into php.ini). Must be called before the session_start.
if (PHP_VERSION_ID < 70300) {
session_set_cookie_params(0, '/', null, ((empty($dolibarr_main_force_https) && isHTTPS() === false) ? false : true), true); // Add tag secure and httponly on session cookie (same as setting session.cookie_httponly into php.ini). Must be called before the session_start.
} else {
// Only available for php >= 7.3
$sessioncookieparams = array(
'lifetime' => 0,
'path' => '/',
//'domain' => '.mywebsite.com', // the dot at the beginning allows compatibility with subdomains
'secure' => ((empty($dolibarr_main_force_https) && isHTTPS() === false) ? false : true),
'httponly' => true,
'samesite' => 'Lax' // None || Lax || Strict
);
session_set_cookie_params($sessioncookieparams);
}
session_name($sessionname);
session_start(); // This call the open and read of session handler
//exit; // this exist generates a call to write and close