"Fossies" - the Fresh Open Source Software Archive  

Source code changes of the file "docs/guide/runtime-sessions-cookies.md" between
yii2-2.0.35.tar.gz and yii2-2.0.36.tar.gz

About: Yii 2 is a high-performance component-based PHP framework for developing large-scale Web applications (source).

runtime-sessions-cookies.md  (yii2-2.0.35):runtime-sessions-cookies.md  (yii2-2.0.36)
skipping to change at line 394 skipping to change at line 394
You may read the [SameSite wiki article](https://www.owasp.org/index.php/SameSit e) for more details. You may read the [SameSite wiki article](https://www.owasp.org/index.php/SameSit e) for more details.
For better security, an exception will be thrown if `sameSite` is used with an u nsupported version of PHP. For better security, an exception will be thrown if `sameSite` is used with an u nsupported version of PHP.
To use this feature across different PHP versions check the version first. E.g. To use this feature across different PHP versions check the version first. E.g.
```php ```php
[ [
'sameSite' => PHP_VERSION_ID >= 70300 ? yii\web\Cookie::SAME_SITE_LAX : null , 'sameSite' => PHP_VERSION_ID >= 70300 ? yii\web\Cookie::SAME_SITE_LAX : null ,
] ]
``` ```
> Note: Since not all browsers support the `sameSite` setting yet, it is still s trongly recommended to also include > Note: Since not all browsers support the `sameSite` setting yet, it is still s trongly recommended to also include
[additional CSRF protection](security-best-practices.md#avoiding-csrf). [additional CSRF protection](security-best-practices.md#avoiding-csrf).
## Session php.ini settings
As [noted in PHP manual](https://www.php.net/manual/en/session.security.ini.php)
, `php.ini` has important
session security settings. Please ensure recommended settings are applied. Espec
ially `session.use_strict_mode`
that is not enabled by default in PHP installations.
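Review bot: The new "Session php.ini settings" section names `session.use_strict_mode` but does not say what value to set or what the setting protects against, so a reader has to follow the PHP manual link to act on it. Suggest stating the recommended value explicitly and adding one sentence on the risk it addresses. The last sentence is also a fragment ("Especially `session.use_strict_mode` that is not enabled by default in PHP installations."); something like "In particular, enable `session.use_strict_mode`, which is not enabled by default in PHP installations." reads cleanly, and "As noted in PHP manual" should be "As noted in the PHP manual". Since the surrounding guide configures cookies through Yii component arrays, it would also help to say whether this setting must be changed in `php.ini` itself or can be set from application configuration.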
 End of changes. 1 change blocks. 
0 lines changed or deleted 0 lines changed or added
