Skip to content

Commit 66aed3a

Browse files
committedAug 22, 2022
SameSite session cookie prop should behave like other INI settings
It should warn if the INI setting is changed after headers are sent or a session is not active
1 parent a44fb09 commit 66aed3a

File tree

2 files changed

+6
-1
lines changed

2 files changed

+6
-1
lines changed
 

‎UPGRADING

+5
Original file line numberDiff line numberDiff line change
@@ -280,6 +280,11 @@ PHP 8.2 UPGRADE NOTES
280280
- PCRE:
281281
. NUL characters (\0) in pattern strings are now supported.
282282

283+
- Session:
284+
. Trying to change the SameSite cookie INI setting while the session is
285+
active or output has already been sent will now fail and emit a warning.
286+
This aligns the behaviour with all other session INI settings.
287+
283288
- SQLite3:
284289
. sqlite3.defensive is now PHP_INI_USER.
285290

‎ext/session/session.c

+1-1
Original file line numberDiff line numberDiff line change
@@ -784,7 +784,7 @@ PHP_INI_BEGIN()
784784
STD_PHP_INI_ENTRY("session.cookie_domain", "", PHP_INI_ALL, OnUpdateSessionString, cookie_domain, php_ps_globals, ps_globals)
785785
STD_PHP_INI_ENTRY("session.cookie_secure", "0", PHP_INI_ALL, OnUpdateSessionBool, cookie_secure, php_ps_globals, ps_globals)
786786
STD_PHP_INI_ENTRY("session.cookie_httponly", "0", PHP_INI_ALL, OnUpdateSessionBool, cookie_httponly, php_ps_globals, ps_globals)
787-
STD_PHP_INI_ENTRY("session.cookie_samesite", "", PHP_INI_ALL, OnUpdateString, cookie_samesite, php_ps_globals, ps_globals)
787+
STD_PHP_INI_ENTRY("session.cookie_samesite", "", PHP_INI_ALL, OnUpdateSessionString, cookie_samesite, php_ps_globals, ps_globals)
788788
STD_PHP_INI_ENTRY("session.use_cookies", "1", PHP_INI_ALL, OnUpdateSessionBool, use_cookies, php_ps_globals, ps_globals)
789789
STD_PHP_INI_ENTRY("session.use_only_cookies", "1", PHP_INI_ALL, OnUpdateSessionBool, use_only_cookies, php_ps_globals, ps_globals)
790790
STD_PHP_INI_ENTRY("session.use_strict_mode", "0", PHP_INI_ALL, OnUpdateSessionBool, use_strict_mode, php_ps_globals, ps_globals)

0 commit comments

Comments
 (0)