Better secure Cookies, to change PHPSESSID you have to edit php.ini session.name…

Better secure Cookies, to change PHPSESSID you have to edit php.ini session.name AND uncomment line20 in framework.yaml

Better secure Cookies, to change PHPSESSID you have to edit php.ini session.name…
Better secure Cookies, to change PHPSESSID you have to edit php.ini session.name AND uncomment line20 in framework.yaml
c25563c2 · Julien Jorry · 4de472cf · c25563c2 · c25563c2
Commit c25563c2 authored Jun 22, 2021 by Julien Jorry
Hide whitespace changes
Inline Side-by-side

Showing with 12 additions and 1 deletions

framework.yaml config/packages/framework.yaml +9 -1

security.yaml config/packages/security.yaml +3 -0

No files found.
--- a/config/packages/framework.yaml
+++ b/config/packages/framework.yaml
@@ -9,7 +9,15 @@ framework:
    # Enables session support. Note that the session will ONLY be started if you read or write from it.
    # Remove or comment this section to explicitly disable session support.
    session:
-        handler_id: ~
+         # enables the support of sessions in the app
+        enabled: true
+        # ID of the service used for session storage.
+        # NULL means that Symfony uses PHP default session mechanism
+        handler_id: null
+        # improves the security of the cookies used for sessions
+        cookie_secure: 'auto'
+        cookie_samesite: 'lax'
+        # name: Kohinossessid

    #esi: true
    #fragments: true

--- a/config/packages/security.yaml
+++ b/config/packages/security.yaml
@@ -67,6 +67,9 @@ security:
                domain:         ~
                user_provider:  fos_userbundle
                always_remember_me: true
+                name: KOHINOSREMEMBERME
+                secure: true
+                samesite: strict
            context: mlc_context
            switch_user:
                provider: fos_userbundle