From 84e25851d3b06c6b7f5dbb30e33af47ca95ad812 Mon Sep 17 00:00:00 2001
From: Kevin Papst <kevinpapst@users.noreply.github.com>
Date: Thu, 7 Oct 2021 12:40:06 +0200
Subject: [PATCH] set security options on cookies (#2825)

---
 config/packages/framework.yaml | 3 +++
 1 file changed, 3 insertions(+)

diff --git a/config/packages/framework.yaml b/config/packages/framework.yaml
index ab8be95d7c..a451c098d3 100644
--- a/config/packages/framework.yaml
+++ b/config/packages/framework.yaml
@@ -12,6 +12,9 @@ framework:
 
     session:
         handler_id: App\Security\SessionHandler
+        cookie_secure: auto
+        cookie_httponly: true
+        cookie_samesite: lax
 
     #esi: ~
     #fragments: ~