Allow setting cookies as secure + httpOnly

NamelessMC · Oct 25, 2021 · d9e795d · d9e795d
1 parent a65cc32
commit d9e795d
Show file tree

Hide file tree

Showing 2 changed files with 6 additions and 3 deletions.
diff --git a/core/classes/Cookie.php b/core/classes/Cookie.php
@@ -36,9 +36,12 @@ public static function get(string $name) {
      * @param string $name Name of cookie to create.
      * @param string $value Value to store in cookie.
      * @param int $expiry When does the cookie expire?
+     * @param ?bool $secure Create as secure cookie?
+     * @param ?bool $httpOnly Create as httpOnly cookie?
+     * @return bool Whether cookie was set or not
      */
-    public static function put(string $name, string $value, int $expiry): bool {
-        return setcookie($name, $value, time() + $expiry, '/');
+    public static function put(string $name, string $value, int $expiry, ?bool $secure = false, ?bool $httpOnly = false): bool {
+        return setcookie($name, $value, time() + $expiry, '/', null, $secure, $httpOnly);
     }
 
     /**

diff --git a/core/classes/User.php b/core/classes/User.php
@@ -225,7 +225,7 @@ private function _commonLogin(?string $username, ?string $password, bool $rememb
 
                 $expiry = $is_admin ? 3600 : Config::get('remember/cookie_expiry');
                 $cookieName = $is_admin ? ($this->_cookieName . '_adm') : $this->_cookieName;
-                Cookie::put($cookieName, $hash, $expiry);
+                Cookie::put($cookieName, $hash, $expiry, Util::isConnectionSSL(), true);
             }
 
             return true;