From e43b27a42dc875f8ffb03492b3dd251494d4584d Mon Sep 17 00:00:00 2001
From: Alex <40072887+alexdcrane@users.noreply.github.com>
Date: Tue, 23 Sep 2025 15:07:31 -0700
Subject: [PATCH] Security - Secure session cookies by setting HttpOnly, Secure, and SameSite attributes (#7530)
---
 resources/require.php | 7 +++++--
 1 file changed, 5 insertions(+), 2 deletions(-)
diff --git a/resources/require.php b/resources/require.php
index f0eb440df7..855be2329c 100644
--- a/resources/require.php
+++ b/resources/require.php
@@ -88,10 +88,13 @@
 global $database;
 $database = database::new(['config' => $config]);
-//if not using the command line required files
+//start the session if not using the command line
 global $no_session;
 if (!defined('STDIN') && empty($no_session)) {
- require_once __DIR__ . '/php.php';
+ ini_set('session.cookie_httponly', 'true');
+ ini_set('session.cookie_secure', 'true');
+ ini_set('session.cookie_samesite', 'Lax');
+ session_start();
 }
 //load settings
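Review bot: The three `ini_set()` calls ahead of `session_start()` are unchecked, so if a session is already active when this file runs (for example with `session.auto_start` enabled) they fail with a warning and the session keeps its previous cookie flags without anyone noticing. Passing the flags as `session_start()` options behind a `session_status()` guard puts the settings and the start in one call whose return value can be tested, and `use_strict_mode` is a cheap addition against session fixation. `cookie_secure` is forced on unconditionally, so an installation reached over plain HTTP will no longer get its session cookie back from the browser; that HTTPS requirement deserves a comment above the block. The hunk also removes `require_once __DIR__ . '/php.php';`, and since that file is not visible here, anything else it configured should be confirmed as no longer needed.

```php
if (!defined('STDIN') && empty($no_session) && session_status() === PHP_SESSION_NONE) {
	session_start([
		'cookie_httponly' => true,
		'cookie_secure' => true,
		'cookie_samesite' => 'Lax',
		'use_strict_mode' => true,
	]);
}
```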