From 60a0a0ee2a3a384d77570b6119e8238f1aadefed Mon Sep 17 00:00:00 2001
From: Alex <40072887+alexdcrane@users.noreply.github.com>
Date: Tue, 23 Sep 2025 15:00:01 -0700
Subject: [PATCH] Security - Secure session cookies by setting HttpOnly, Secure, and SameSite attributes (#7529)
---
 resources/require.php | 3 +++
 1 file changed, 3 insertions(+)
diff --git a/resources/require.php b/resources/require.php
index 81e3ac0033..855be2329c 100644
--- a/resources/require.php
+++ b/resources/require.php
@@ -91,6 +91,9 @@
 //start the session if not using the command line
 global $no_session;
 if (!defined('STDIN') && empty($no_session)) {
+ ini_set('session.cookie_httponly', 'true');
+ ini_set('session.cookie_secure', 'true');
+ ini_set('session.cookie_samesite', 'Lax');
 session_start();
 }
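Review bot: The three `ini_set()` calls added before `session_start()` discard their return values, so the cookie hardening can be silently absent: `ini_set()` returns false when a session is already active or headers have been sent, and `session.cookie_samesite` only exists from PHP 7.3. Consider making a failure visible, for example `if (ini_set('session.cookie_secure', '1') === false) { error_log('session.cookie_secure was not applied'); }`, with the same check on the other two. `session.cookie_secure` is also set unconditionally, so on any install still served over plain HTTP the browser will not send the cookie back and logins will not persist; a comment stating that HTTPS is now required, or a check on the request scheme, would make that explicit. Since this is where the session is hardened, `ini_set('session.use_strict_mode', '1');` would fit here as well, unless php.ini already sets it, so that session IDs the server did not issue are rejected.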