Security - Secure session cookies by setting HttpOnly, Secure, and SameSite attributes (#7529)

2025-12-30 00:53:50 +00:00 · 2025-09-23 15:00:01 -07:00
parent 7f312f8169
commit 60a0a0ee2a
1 changed files with 3 additions and 0 deletions
--- a/resources/require.php
+++ b/resources/require.php
@@ -91,6 +91,9 @@
 //start the session if not using the command line
 	global $no_session;
 	if (!defined('STDIN') && empty($no_session)) {
+		ini_set('session.cookie_httponly', 'true');
+		ini_set('session.cookie_secure', 'true');
+		ini_set('session.cookie_samesite', 'Lax');
 		session_start();
 	}