
[Web] make SameSite policy and cookie name configurable via vars.local.inc

FreddleSpl0it 5 days ago
parent
commit
1ef0149076
2 changed files with 9 additions and 2 deletions
  1. 2 2
      data/web/inc/sessions.inc.php
  2. 7 0
      data/web/inc/vars.inc.php

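--- a/data/web/inc/sessions.inc.php
+++ b/data/web/inc/sessions.inc.php
@@ -1,9 +1,9 @@
 <?php
 // Start session
 if (session_status() !== PHP_SESSION_ACTIVE) {
-  session_name('MCSESSID');
+  session_name($SESSION_NAME);
   ini_set("session.cookie_httponly", 1);
-  ini_set("session.cookie_samesite", "Lax");
+  ini_set("session.cookie_samesite", $SESSION_SAMESITE_POLICY);
   ini_set('session.gc_maxlifetime', $SESSION_LIFETIME);
 }
 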
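Review bot: Nothing in these lines rejects a `$SESSION_SAMESITE_POLICY` outside the three documented values, so a typo or wrong case in the local override goes straight into `ini_set("session.cookie_samesite", ...)` instead of falling back to the previous `Lax`. I would normalise it just above the `if`, for example `if (!in_array($SESSION_SAMESITE_POLICY, array('None', 'Lax', 'Strict'), true)) { $SESSION_SAMESITE_POLICY = 'Lax'; }`. `session_name($SESSION_NAME)` has the same gap: PHP expects an alphanumeric name with at least one letter, so an empty or digits-only override should fall back to `MCSESSID` rather than rely on a runtime warning. The file continues past this hunk, so a check further down would not be visible here.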
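--- a/data/web/inc/vars.inc.php
+++ b/data/web/inc/vars.inc.php
@@ -153,6 +153,13 @@ $LOG_PAGINATION_SIZE = 50;
 // Session lifetime in seconds
 $SESSION_LIFETIME = 10800;
 
+// Session SameSite Policy
+// Use "None", "Lax" or "Strict"
+$SESSION_SAMESITE_POLICY = "Lax";
+
+// Name of the session cookie
+$SESSION_NAME = "MCSESSID";
+
 // Label for OTP devices
 $OTP_LABEL = "mailcow UI";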
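Review bot: The comment above `$SESSION_SAMESITE_POLICY` lists `"None"` as an equal choice without saying what it costs. With `None` the session cookie is sent on cross-site requests, so the UI loses the SameSite layer of CSRF protection, and current browsers drop a `SameSite=None` cookie that is not also marked Secure. Whether `session.cookie_secure` is set is not visible in this commit, so the comment should state the HTTPS requirement, e.g. `// "None" sends the cookie on cross-site requests (no SameSite CSRF protection) and only works over HTTPS with a Secure cookie; keep "Lax" unless the UI must be embedded cross-site`. For `$SESSION_NAME` I would add `// Alphanumeric only, must contain at least one letter`.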