Add support for SameSite cookie session setting

mentalstring · mentalstring · commit b0ba1a88a03b · 2025-09-16T18:38:21.000+01:00
diff --git a/lib/response/sfWebResponse.class.php b/lib/response/sfWebResponse.class.php
@@ -162,18 +162,18 @@ public function isHeaderOnly()
     /**
      * Sets a cookie.
      *
-     * @param string $name     HTTP header name
-     * @param string $value    Value for the cookie
-     * @param string $expire   Cookie expiration period
-     * @param string $path     Path
-     * @param string $domain   Domain name
-     * @param bool   $secure   If secure
-     * @param bool   $httpOnly If uses only HTTP
-     * @param bool   $samesite If uses Same-site cookies
+     * @param string                   $name     HTTP header name
+     * @param string                   $value    Value for the cookie
+     * @param string                   $expire   Cookie expiration period
+     * @param string                   $path     Path
+     * @param string                   $domain   Domain name
+     * @param bool                     $secure   If secure
+     * @param bool                     $httpOnly If uses only HTTP
+     * @param ''|'None'|'Lax'|'Strict' $samesite If uses Same-site cookies
      *
      * @throws sfException If fails to set the cookie
      */
-    public function setCookie($name, $value, $expire = null, $path = '/', $domain = '', $secure = false, $httpOnly = false, $samesite = '')
+    public function setCookie($name, $value, $expire = null, $path = '/', $domain = '', $secure = false, $httpOnly = false, string $samesite = '')
     {
         if (null !== $expire) {
             if (is_numeric($expire)) {
diff --git a/lib/storage/sfSessionStorage.class.php b/lib/storage/sfSessionStorage.class.php
@@ -82,14 +82,13 @@ public function initialize($options = null)
         $samesite = $this->options['session_cookie_samesite'];
         session_set_cookie_params([
             'lifetime' => $lifetime,
-            'path'     => $path,
-            'domain'   => $domain,
-            'secure'   => $secure,
+            'path' => $path,
+            'domain' => $domain,
+            'secure' => $secure,
             'httponly' => $httpOnly,
             'samesite' => $samesite,
         ]);
 
-
         if (null !== $this->options['session_cache_limiter']) {
             session_cache_limiter($this->options['session_cache_limiter']);
         }
