Skip to content

Commit d4e8977

Browse files
fabpotnicolas-grekas
fabpot
authored and
nicolas-grekas
committed
[HttpFoundation][FrameworkBundle] fix support for samesite in session cookies
1 parent 10d5122 commit d4e8977

File tree

3 files changed

+4
-1
lines changed

3 files changed

+4
-1
lines changed

DependencyInjection/Configuration.php

Lines changed: 2 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -20,6 +20,7 @@
2020
use Symfony\Component\Config\Definition\ConfigurationInterface;
2121
use Symfony\Component\DependencyInjection\Exception\LogicException;
2222
use Symfony\Component\Form\Form;
23+
use Symfony\Component\HttpFoundation\Cookie;
2324
use Symfony\Component\Lock\Lock;
2425
use Symfony\Component\Lock\Store\SemaphoreStore;
2526
use Symfony\Component\PropertyInfo\PropertyInfoExtractorInterface;
@@ -490,6 +491,7 @@ private function addSessionSection(ArrayNodeDefinition $rootNode)
490491
->scalarNode('cookie_domain')->end()
491492
->booleanNode('cookie_secure')->end()
492493
->booleanNode('cookie_httponly')->defaultTrue()->end()
494+
->enumNode('cookie_samesite')->values([null, Cookie::SAMESITE_LAX, Cookie::SAMESITE_STRICT])->defaultNull()->end()
493495
->booleanNode('use_cookies')->end()
494496
->scalarNode('gc_divisor')->end()
495497
->scalarNode('gc_probability')->defaultValue(1)->end()

DependencyInjection/FrameworkExtension.php

Lines changed: 1 addition & 1 deletion
Original file line numberDiff line numberDiff line change
@@ -867,7 +867,7 @@ private function registerSessionConfiguration(array $config, ContainerBuilder $c
867867
// session storage
868868
$container->setAlias('session.storage', $config['storage_id'])->setPrivate(true);
869869
$options = ['cache_limiter' => '0'];
870-
foreach (['name', 'cookie_lifetime', 'cookie_path', 'cookie_domain', 'cookie_secure', 'cookie_httponly', 'use_cookies', 'gc_maxlifetime', 'gc_probability', 'gc_divisor', 'use_strict_mode'] as $key) {
870+
foreach (['name', 'cookie_lifetime', 'cookie_path', 'cookie_domain', 'cookie_secure', 'cookie_httponly', 'cookie_samesite', 'use_cookies', 'gc_maxlifetime', 'gc_probability', 'gc_divisor'] as $key) {
871871
if (isset($config[$key])) {
872872
$options[$key] = $config[$key];
873873
}

Tests/DependencyInjection/ConfigurationTest.php

Lines changed: 1 addition & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -436,6 +436,7 @@ protected static function getBundleDefaultConfig()
436436
'storage_id' => 'session.storage.native',
437437
'handler_id' => 'session.handler.native_file',
438438
'cookie_httponly' => true,
439+
'cookie_samesite' => null,
439440
'gc_probability' => 1,
440441
'save_path' => '%kernel.cache_dir%/sessions',
441442
'metadata_update_threshold' => '0',

0 commit comments

Comments
 (0)