selective-php · odan · Jul 12, 2025 · Jun 13, 2025 · Jun 13, 2025 · Jun 13, 2025
diff --git a/LICENSE b/LICENSE
@@ -1,6 +1,6 @@
 The MIT License (MIT)
 
-Copyright (c) 2023 odan
+Copyright (c) 2025 odan
 
 Permission is hereby granted, free of charge, to any person obtaining a copy
 of this software and associated documentation files (the "Software"), to deal

diff --git a/README.md b/README.md
@@ -12,7 +12,7 @@ A PSR-15 middleware to secure your site with SameSite cookies :cookie:
 
 ## Requirements
 
-* PHP 8.1+
+* PHP 8.1 - 8.4
 
 ## Installation
 

diff --git a/composer.json b/composer.json
@@ -11,15 +11,15 @@
     ],
     "homepage": "https://github.com/selective-php/samesite-cookie",
     "require": {
-        "php": "^7.2 || ^8.0",
+        "php": "8.1.* || 8.2.* || 8.3.* || 8.4.*",
         "psr/http-message": "^1",
         "psr/http-server-handler": "^1",
         "psr/http-server-middleware": "^1"
     },
     "require-dev": {
         "friendsofphp/php-cs-fixer": "^3",
-        "middlewares/utils": "^3",
-        "phpstan/phpstan": "^1",
+        "middlewares/utils": "^3 || ^4",
+        "phpstan/phpstan": "^1 || ^2",
         "phpunit/phpunit": "^10",
         "slim/psr7": "^1",
         "squizlabs/php_codesniffer": "^3"
@@ -49,13 +49,16 @@
         "sniffer:check": "phpcs --standard=phpcs.xml",
         "sniffer:fix": "phpcbf --standard=phpcs.xml",
         "stan": "phpstan analyse -c phpstan.neon --no-progress --ansi",
-        "test": "phpunit --configuration phpunit.xml --do-not-cache-result --colors=always",
+        "test": "phpunit --configuration phpunit.xml --do-not-cache-result --colors=always --display-warnings --display-deprecations --no-coverage",
         "test:all": [
             "@cs:check",
             "@sniffer:check",
             "@stan",
             "@test"
         ],
-        "test:coverage": "php -d xdebug.mode=coverage -r \"require 'vendor/bin/phpunit';\" -- --configuration phpunit.xml --do-not-cache-result --colors=always --coverage-clover build/logs/clover.xml --coverage-html build/coverage"
+        "test:coverage": [
+            "@putenv XDEBUG_MODE=coverage",
+            "phpunit --configuration phpunit.xml --do-not-cache-result --colors=always --display-warnings --display-deprecations --coverage-clover build/coverage/clover.xml --coverage-html build/coverage --coverage-text"
+        ]
     }
 }
diff --git a/src/SameSiteCookieMiddleware.php b/src/SameSiteCookieMiddleware.php
@@ -30,8 +30,8 @@ final class SameSiteCookieMiddleware implements MiddlewareInterface
      * @param SessionHandlerInterface|null $sessionHandler The session handler
      */
     public function __construct(
-        SameSiteCookieConfiguration $configuration = null,
-        SessionHandlerInterface $sessionHandler = null
+        ?SameSiteCookieConfiguration $configuration = null,
+        ?SessionHandlerInterface $sessionHandler = null
     ) {
         $this->configuration = $configuration ?: new SameSiteCookieConfiguration();
         $this->sessionHandler = $sessionHandler ?: new PhpSessionHandler();

diff --git a/src/SameSiteSessionMiddleware.php b/src/SameSiteSessionMiddleware.php
@@ -22,8 +22,9 @@ final class SameSiteSessionMiddleware implements MiddlewareInterface
      *
      * @param SessionHandlerInterface|null $sessionHandler The session handler
      */
-    public function __construct(SessionHandlerInterface $sessionHandler = null)
-    {
+    public function __construct(
+        ?SessionHandlerInterface $sessionHandler = null
+    ) {
         $this->sessionHandler = $sessionHandler ?: new PhpSessionHandler();
     }
 

diff --git a/tests/SameSiteCookieMiddlewareTest.php b/tests/SameSiteCookieMiddlewareTest.php
@@ -32,4 +32,29 @@ public function testDefaultConfiguration(): void
         $this->assertSame('PHPSESSID=v3absd19o9pi6cjvhb5pkmsfo9; path=/; Secure; HttpOnly; SameSite=Lax;', $cookie);
         $this->assertSame('', (string)$response->getBody());
     }
+
+    /**
+     * Test with own settings.
+     */
+    public function testDefaultConfigurationWithOwnSettings(): void
+    {
+        $settings = [
+            'start_session' => true,
+            'same_site' => 'Strict',
+            'http_only' => false,
+        ];
+
+        $configuration = new SameSiteCookieConfiguration($settings);
+
+        session_id('v3absd19o9pi6cjvhb5pkmsfo9');
+
+        $response = $this->runQueue([
+            new SameSiteSessionMiddleware(),
+            new SameSiteCookieMiddleware($configuration),
+        ]);
+
+        $cookie = $response->getHeaderLine('Set-Cookie');
+        $this->assertSame('PHPSESSID=v3absd19o9pi6cjvhb5pkmsfo9; path=/; Secure; SameSite=Strict;', $cookie);
+        $this->assertSame('', (string)$response->getBody());
+    }
 }