From 67093c879a6563aa6ee08003177777d1975e2351 Mon Sep 17 00:00:00 2001
From: star7th
Date: Tue, 19 Oct 2021 22:19:10 +0800
Subject: [PATCH] Strict cookie

---
 .../Api/Controller/UserController.class.php | 21 ++++++++++++++-----
 1 file changed, 16 insertions(+), 5 deletions(-)

diff --git a/server/Application/Api/Controller/UserController.class.php b/server/Application/Api/Controller/UserController.class.php
index f72f6539c..92ef92b11 100644
--- a/server/Application/Api/Controller/UserController.class.php
+++ b/server/Application/Api/Controller/UserController.class.php
@@ -42,8 +42,12 @@ public function register(){
 unset($ret['password']);
 session("login_user" , $ret );
 $token = D("UserToken")->createToken($ret['uid']);
- cookie('cookie_token',$token,array('expire'=>60*60*24*90,'httponly'=>'httponly'));//此处由服务端控制token是否过期,所以cookies过期时间设置多久都无所谓
- $this->sendResult(array(
+ if(version_compare(PHP_VERSION,'7.3.0','>')){
+ setcookie('cookie_token',$token,array('expires'=>time()+60*60*24*180,'httponly'=>'httponly','samesite' => 'Strict','path'=>'/'));
+ }else{
+ cookie('cookie_token',$token,array('expire'=>60*60*24*180,'httponly'=>'httponly'));
+ }
+ $this->sendResult(array(
 "uid" => $ret['uid'] ,
 "username" => $ret['username'] ,
 "name" => $ret['name'] ,
@@ -134,7 +138,11 @@ public function login(){
 session("login_user" , $ret );
 D("User")->setLastTime($ret['uid']);
 $token = D("UserToken")->createToken($ret['uid'],60*60*24*180);
- cookie('cookie_token',$token,array('expire'=>60*60*24*180,'httponly'=>'httponly'));//此处由服务端控制token是否过期,所以cookies过期时间设置多久都无所谓
+ if(version_compare(PHP_VERSION,'7.3.0','>')){
+ setcookie('cookie_token',$token,array('expires'=>time()+60*60*24*180,'httponly'=>'httponly','samesite' => 'Strict','path'=>'/'));
+ }else{
+ cookie('cookie_token',$token,array('expire'=>60*60*24*180,'httponly'=>'httponly'));
+ }
 $this->sendResult(array(
 "uid" => $ret['uid'] ,
 "username" => $ret['username'] ,
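Review bot: The new setcookie() call in register() omits the `secure` attribute, so the token cookie is still sent over plain HTTP even though the commit tightens SameSite; the identical block appears in login() (second hunk) and registerByVerify() (next hunk), and `version_compare(PHP_VERSION,'7.3.0','>')` excludes PHP 7.3.0 itself, the first release that accepts the options array, so the comparison should be `'>='`. The pre-7.3 fallback cannot express SameSite at all, and if the framework `cookie()` helper applies a configured prefix, path or domain, the two branches may set differently scoped cookies — worth confirming against the ThinkPHP cookie configuration. Rather than repeating the branch in three methods, I would extract a private helper that derives the secure flag from the request (`!empty($_SERVER['HTTPS']) && $_SERVER['HTTPS'] !== 'off'`, which needs adjusting behind a TLS-terminating proxy) and replace each five-line block with `$this->setTokenCookie($token);`. Each of the three enclosing methods starts and ends outside its hunk.
```php
    // … unchanged: method body up to $token = D("UserToken")->createToken(...) …
    $this->setTokenCookie($token);
    // … unchanged: $this->sendResult(array( … )) …

    /**
     * Send the login token cookie with the strongest attributes the runtime supports.
     * PHP >= 7.3 accepts the options array and can set SameSite; older PHP falls back
     * to the framework cookie() helper, which cannot express SameSite here.
     */
    private function setTokenCookie($token){
        $lifetime = 60*60*24*180;
        // Mark the cookie Secure only when this request arrived over TLS; behind a
        // TLS-terminating proxy this must be derived from the forwarded-proto header instead.
        $secure = !empty($_SERVER['HTTPS']) && $_SERVER['HTTPS'] !== 'off';
        if(version_compare(PHP_VERSION,'7.3.0','>=')){
            setcookie('cookie_token',$token,array('expires'=>time()+$lifetime,'path'=>'/','secure'=>$secure,'httponly'=>true,'samesite'=>'Strict'));
        }else{
            cookie('cookie_token',$token,array('expire'=>$lifetime,'httponly'=>'httponly'));
        }
    }
```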
@@ -247,8 +255,11 @@ public function registerByVerify(){
 unset($ret['password']);
 session("login_user" , $ret );
 $token = D("UserToken")->createToken($ret['uid']);
- cookie('cookie_token',$token,array('expire'=>60*60*24*90,'httponly'=>'httponly'));//此处由服务端控制token是否过期,所以cookies过期时间设置多久都无所谓
-
+ if(version_compare(PHP_VERSION,'7.3.0','>')){
+ setcookie('cookie_token',$token,array('expires'=>time()+60*60*24*180,'httponly'=>'httponly','samesite' => 'Strict','path'=>'/'));
+ }else{
+ cookie('cookie_token',$token,array('expire'=>60*60*24*180,'httponly'=>'httponly'));
+ }
 $this->sendResult(array(
 "uid" => $ret['uid'] ,
 "username" => $ret['username'] ,
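Review bot: The removed comment explaining that token validity is enforced server-side (so the cookie expiry is secondary) was dropped here and in the other two hunks, and nothing in the new branch carries that rationale forward; I would restore it in English above the `if`: `// Token validity is enforced server-side; the cookie lifetime only needs to cover it.` At the same time the cookie lifetime in registerByVerify() grew from 90 to 180 days while `createToken($ret['uid'])` is still called without an explicit lifetime, unlike login(), which passes `60*60*24*180` — if the default token lifetime is shorter, the cookie now outlives the token, which is harmless but worth aligning by passing the lifetime explicitly as login() does. registerByVerify() starts and ends outside the hunk.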