updated the cookie settings to be PHP 7.2 compatible

opencats · Aug 15, 2024 · d6042a5 · d6042a5
1 parent 6871a55
commit d6042a5
Showing 1 changed file with 32 additions and 25 deletions.
diff --git a/lib/Session.php b/lib/Session.php
@@ -885,31 +885,38 @@ public function processLogin($username, $password, $addToHistory = true)
                     );
                     $rs = $db->query($sql);
                 }
-$cookieValue = $this->getCookie();
-$cookieOptions = [
-//    'expires' => time() + 3600, // Example expiration time, adjust as needed
-//    'path' => '/', // Example path, adjust as needed
-//    'domain' => 'example.com', // Example domain, adjust as needed
-//    'secure' => true, // Example secure flag, adjust as needed
-    'httponly' => true,
-    'samesite' => 'Strict',
-];
-
-setcookie('session_cookie', $cookieValue, $cookieOptions);
-
-// Update the user session in the database
-$sql = sprintf(
-    "UPDATE
-        user
-     SET
-        force_logout = 0
-     WHERE
-        user_id = %s
-     AND
-        site_id = %s",
-    $db->makeQueryString($this->_userID),
-    $this->_siteID
-);
+                // Start output buffering to prevent "Headers Already Sent" errors
+                ob_start();
+
+                $cookieValue = $this->getCookie();
+                $expires = time() + 3600;  // Example expiration time, adjust as needed
+                $path = '/';
+                // $domain = 'example.com';   // Adjust as needed
+                $secure = true;            // Adjust based on your environment
+                $httponly = true;
+                $samesite = 'Strict';
+
+                // Manually append SameSite to the cookie header for PHP 7.2
+                setcookie('session_cookie', $cookieValue, $expires, "$path; SameSite=$samesite", $domain, $secure, $httponly);
+
+                // Update the user session in the database
+                $sql = sprintf(
+                    "UPDATE
+                    user
+                    SET
+                    force_logout = 0
+                        WHERE
+                        user_id = %s
+                        AND
+                        site_id = %s",
+                        $db->makeQueryString($this->_userID),
+                               $this->_siteID
+                );
+
+                // Flush the output buffer and send the output to the browser
+                ob_end_flush();
+
+
                 $rs = $db->query($sql);
 
                 break;