You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
I think it'd be nice to have a well-defined mechanism to override PHP's default cookie parameters. Currently the params are retrieved by running session_get_cookie_params, and there's no way to override this behavior, so the only way to modify the cookie settings at runtime is to use something like ini_set('session.cookie_samesite', 'Strict'); (Apparently using session_set_cookie_params doesn't change the values returned by session_get_cookie_params, otherwise that'd be a more straightforward way to override these. I haven't verified that this is the case, though.)
Adding a cookie_params method taking an array would be simple, or individual methods could be added per setting so the available options are more self-documenting, but that expands the public method footprint quite a bit.
If messing with cookie params seems out of scope for the project (since it's sending cookies, it doesn't seem like it should be), adding an example to the Readme of the preferred method to set/override those parameters would be a painless solution.
The text was updated successfully, but these errors were encountered:
I think it'd be nice to have a well-defined mechanism to override PHP's default cookie parameters. Currently the params are retrieved by running
session_get_cookie_params
, and there's no way to override this behavior, so the only way to modify the cookie settings at runtime is to use something likeini_set('session.cookie_samesite', 'Strict');
(Apparently usingsession_set_cookie_params
doesn't change the values returned bysession_get_cookie_params
, otherwise that'd be a more straightforward way to override these. I haven't verified that this is the case, though.)Adding a
cookie_params
method taking an array would be simple, or individual methods could be added per setting so the available options are more self-documenting, but that expands the public method footprint quite a bit.If messing with cookie params seems out of scope for the project (since it's sending cookies, it doesn't seem like it should be), adding an example to the Readme of the preferred method to set/override those parameters would be a painless solution.
The text was updated successfully, but these errors were encountered: