diff --git a/config/php.ini b/config/php.ini
index 72f40ea0fb7611908c7aba69b46babb00cf432ed..086f7484a1caae7ac78bed673ae88b6ac48e7e13 100644
--- a/config/php.ini
+++ b/config/php.ini
@@ -1368,7 +1368,7 @@ session.use_strict_mode = 0
 session.use_cookies = 1
 ; https://php.net/session.cookie-secure
-;session.cookie_secure =
+session.cookie_secure = 1
 ; This option forces PHP to fetch and use a cookie for storing and maintaining
 ; the session id. We encourage this operation as it's very helpful in combating
@@ -1400,13 +1400,13 @@ session.cookie_domain =
 ; Whether or not to add the httpOnly flag to the cookie, which makes it
 ; inaccessible to browser scripting languages such as JavaScript.
 ; https://php.net/session.cookie-httponly
-session.cookie_httponly =
+session.cookie_httponly = 1
 ; Add SameSite attribute to cookie to help mitigate Cross-Site Request Forgery (CSRF/XSRF)
 ; Current valid values are "Strict", "Lax" or "None". When using "None",
 ; make sure to include the quotes, as `none` is interpreted like `false` in ini files.
 ; https://tools.ietf.org/html/draft-west-first-party-cookies-07
-session.cookie_samesite =
+session.cookie_samesite = "Strict"
 ; Handler used to serialize data. php is the standard serializer of PHP.
 ; https://php.net/session.serialize-handler
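Review bot: The first hunk's header context still reads `session.use_strict_mode = 0`, so the cookie is now marked Secure but PHP will keep adopting session IDs it did not issue, which is the session-fixation gap that cookie flags alone do not close. If that setting is not overridden elsewhere (not visible from this hunk), it belongs in the same hardening pass as `session.use_strict_mode = 1`. Separately, with `session.cookie_secure = 1` the browser never returns the cookie over plain HTTP, so any non-TLS deployment of this image gets a fresh session on every request. The bare `; https://php.net/session.cookie-secure` line should gain a comment such as `; Requires HTTPS from the browser's point of view; sessions do not persist over plain HTTP.`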
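Review bot: In the second hunk, `session.cookie_samesite = "Strict"` withholds the session cookie on every cross-site navigation, including top-level links from mail or another site and the return redirect of an external login or payment flow, so users arrive apparently logged out. If the application has any such flow, `session.cookie_samesite = "Lax"` still blocks the cookie on cross-site POSTs and subresource requests; whichever value is kept, it is defence in depth and does not replace per-request CSRF tokens. The directive is only honoured from PHP 7.3 on, so it is worth confirming the runtime version this file ships with. A short comment above the line would record the choice, e.g. `; "Strict": cookie is not sent on cross-site navigations; switch to "Lax" if inbound links must keep the session.`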