diff --git a/apps/qubit/config/qubitConfiguration.class.php b/apps/qubit/config/qubitConfiguration.class.php
index b25e2dd317..d61ce449ae 100644
--- a/apps/qubit/config/qubitConfiguration.class.php
+++ b/apps/qubit/config/qubitConfiguration.class.php
@@ -24,7 +24,7 @@ class qubitConfiguration extends sfApplicationConfiguration
 
     public function listenToChangeCultureEvent(sfEvent $event)
     {
-        setcookie('atom_culture', $event['culture'], ['path' => '/']);
+        setcookie('atom_culture', $event['culture'], ['path' => '/', 'secure' => true, 'httponly' => true, 'samesite' => 'strict']);
     }
 
     /**
diff --git a/apps/qubit/modules/user/actions/loginAction.class.php b/apps/qubit/modules/user/actions/loginAction.class.php
index 992b2b2bef..ec2ef64c8d 100644
--- a/apps/qubit/modules/user/actions/loginAction.class.php
+++ b/apps/qubit/modules/user/actions/loginAction.class.php
@@ -69,7 +69,7 @@ public function execute($request)
         }
 
         // Can be read by reverse proxies to allow users to bypass caching
-        setcookie('atom_authenticated', '1', ['path' => '/']);
+        setcookie('atom_authenticated', '1', ['path' => '/', 'secure' => true, 'samesite' => 'strict']);
 
         if (null !== $next = $this->form->getValue('next')) {
             $this->redirect($next);
diff --git a/lib/myUser.class.php b/lib/myUser.class.php
index 3febfb90a6..6a21da2491 100644
--- a/lib/myUser.class.php
+++ b/lib/myUser.class.php
@@ -75,7 +75,7 @@ public function initialize(sfEventDispatcher $dispatcher, sfStorage $storage, $o
         // Allow reverse proxies to know, via the "atom_authenticated" cookie, if a user
         // is authenticated and should be able to bypass the cache
         if (!isset($_COOKIE['atom_authenticated']) || $_COOKIE['atom_authenticated'] != $isAuthenticated) {
-            setcookie('atom_authenticated', $isAuthenticated, ['path' => '/']);
+            setcookie('atom_authenticated', $isAuthenticated, ['path' => '/', 'secure' => true, 'samesite' => 'strict']);
         }
 
         // Allow reverse proxies to pass a header to change culture
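Review bot: `'secure' => true` is hard-coded on the new setcookie line, so any deployment the browser reaches over plain HTTP (typically local development) will have the cookie discarded by the browser and the culture choice will silently stop persisting; the same hard-coding appears in the loginAction and myUser hunks, where it additionally means the `!isset($_COOKIE['atom_authenticated'])` check in myUser re-issues the cookie on every request. Consider deriving the flag from the request instead, e.g. `'secure' => sfContext::getInstance()->getRequest()->isSecure()`, or from the same setting that already governs the session cookie in factories.yml, so the cookies stay consistent with each other. Separately, `atom_culture` is a display preference with no CSRF relevance, so `'samesite' => 'Lax'` would keep it on top-level navigations from external links, whereas `Strict` drops it on the first request after a cross-site link and shows the default culture. The enclosing method lies entirely within the hunk.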
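Review bot: The new `atom_authenticated` setcookie line sets `secure` and `samesite` but not `httponly`, unlike the `atom_culture` line in the qubitConfiguration hunk; the comment on the preceding line says the cookie exists for reverse proxies, and HttpOnly only hides a cookie from `document.cookie`, not from proxies, so `'httponly' => true` could be added here (and on the matching line in the myUser hunk) unless client-side script is known to read it. If script does read it, a short comment stating that would explain the deliberate difference from the culture cookie, e.g. `// Not HttpOnly: read by front-end script as well as by reverse proxies`. The enclosing `execute()` method starts before this hunk and continues after it.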