Merge branch '6179-improve-session-security' into 'develop'

Marius Burkard · Marius Burkard · commit 36cdb85858b5 · 2021-06-08T09:13:26.000Z
Resolve "Improve session security"

Closes #6179

See merge request ispconfig/ispconfig3!1488
diff --git a/interface/lib/app.inc.php b/interface/lib/app.inc.php
@@ -126,6 +126,9 @@ public function initialize_session() {
 				array($this->session, 'destroy'),
 				array($this->session, 'gc'));
 
+			ini_set('session.cookie_httponly', true);
+			@ini_set('session.cookie_samesite', 'Lax');
+
 			session_start();
 
 			//* Initialize session variables
