Skip to content

Rewrite setcookie using new syntax#8447

Merged
Alkarex merged 2 commits intoFreshRSS:edgefrom
Alkarex:session_set_cookie_params
Jan 28, 2026
Merged

Rewrite setcookie using new syntax#8447
Alkarex merged 2 commits intoFreshRSS:edgefrom
Alkarex:session_set_cookie_params

Conversation

@Alkarex
Copy link
Member

@Alkarex Alkarex commented Jan 18, 2026

Follow-up of #2630 now that we have PHP 7.3+ (even PHP 8.1+).

  • The new syntax natively supports samesite, and also avoids the need of re-setting all parameters.
  • Use automatic path instead of own function getCookieDir().

Follow-up of #8446

  • Sanitize lifetime of session cookies from PHP ini to avoid likely invalid/misunderstood values

@Alkarex
Rewrite setcookie using new syntax
da31f2d 
Follow-up of FreshRSS#2630 now that we have PHP 7.3+ (even PHP 8.1+).
* The new syntax natively supports `samesite`, and also avoids the need of re-setting all parameters.
* Use automatic path instead of own function `getCookieDir()`.

Follow-up of FreshRSS#8446
* Sanitize lifetime of session cookies from PHP ini to avoid likely invalid/misunderstood values
@Alkarex Alkarex added the php Pull requests that update Php code label Jan 18, 2026
@Alkarex Alkarex added this to the 1.29.0 milestone Jan 18, 2026
@Alkarex Alkarex mentioned this pull request Jan 18, 2026
Closed
Alkarex
Alkarex commented Jan 18, 2026
View reviewed changes
lib/Minz/Session.php
self::keepCookie($cookie['lifetime']);
$params = session_get_cookie_params();
// Sanitize lifetime of session cookies from PHP ini `session.cookie_lifetime` (default 0)
$params['lifetime'] = ($params['lifetime'] <= 0 || $params['lifetime'] > 86400) ? 0 : $params['lifetime'];
Copy link
Member Author

@Alkarex Alkarex Jan 18, 2026

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I am wondering whether we should just use 0 here instead of trying to use session.cookie_lifetime from php.ini (default 0).

Copy link
Member Author

@Alkarex Alkarex Jan 28, 2026

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Let's come back to that in another PR if desired

@Alkarex Alkarex merged commit 0df3a3c into FreshRSS:edge Jan 28, 2026
1 check passed
@Alkarex Alkarex deleted the session_set_cookie_params branch January 28, 2026 07:21
@Frenzie Frenzie mentioned this pull request Feb 5, 2026
Open
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

No reviews

Assignees

No one assigned

Labels

php Pull requests that update Php code

Projects

None yet

Milestone

1.29.0

Development

Successfully merging this pull request may close these issues.

1 participant

@Alkarex