diff --git a/app/Services/OAuth2/PrincipalService.php b/app/Services/OAuth2/PrincipalService.php
index e18b943d..7ae020bd 100644
--- a/app/Services/OAuth2/PrincipalService.php
+++ b/app/Services/OAuth2/PrincipalService.php
@@ -51,7 +51,8 @@ final class PrincipalService implements IPrincipalService
 $domain = Config::get("session.domain"),
 $secure = true,
 $httpOnly = false,
- $sameSite = 'None'
+ $raw = false,
+ $sameSite = 'none'
 );
 }
 $principal->setState
@@ -110,7 +111,8 @@ final class PrincipalService implements IPrincipalService
 $domain = Config::get("session.domain"),
 $secure = true,
 $httpOnly = false,
- $sameSite = 'None'
+ $raw = false,
+ $sameSite = 'none'
 );
 Log::debug(sprintf("PrincipalService::register op_browser_state %s", $op_browser_state));
 Session::put(self::OPBrowserState, $op_browser_state);
@@ -136,7 +138,8 @@ final class PrincipalService implements IPrincipalService
 $domain = Config::get("session.domain"),
 $secure = true,
 $httpOnly = false,
- $sameSite = 'None'
+ $raw = false,
+ $sameSite = 'none'
 );
 }
diff --git a/app/libs/Auth/AuthService.php b/app/libs/Auth/AuthService.php
index 172a6c52..15167187 100644
--- a/app/libs/Auth/AuthService.php
+++ b/app/libs/Auth/AuthService.php
@@ -130,7 +130,8 @@ final class AuthService implements IAuthService
 $domain = Config::get("session.domain"),
 $secure = true,
 $httpOnly = true,
- $sameSite = 'None'
+ $raw = false,
+ $sameSite = 'none'
 );
 }
@@ -312,7 +313,8 @@ final class AuthService implements IAuthService
 $domain = Config::get("session.domain"),
 $secure = true,
 $httpOnly = true,
- $sameSite = 'None'
+ $raw = false,
+ $sameSite = 'none'
 );
 }
diff --git a/config/session.php b/config/session.php
index 9e8b2309..0abc9aac 100644
--- a/config/session.php
+++ b/config/session.php
@@ -148,7 +148,7 @@ return [
 |
 */
- 'secure' => env('SESSION_COOKIE_SECURE', false),
+ 'secure' => true,
 /*
 |--------------------------------------------------------------------------
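Review bot: In app/Services/OAuth2/PrincipalService.php (hunks at -51, -110 and -136) and app/libs/Auth/AuthService.php (hunks at -130 and -312), the `$raw = false, $sameSite = 'none'` lines are assignment expressions passed by position, not named arguments, so the labels bind nothing. The removed side shows the consequence: the SameSite value sat in the slot this commit now fills with `$raw`. If the project's PHP version allows it, real named arguments (`raw: false, sameSite: 'none'`) would let the engine reject a mislabelled argument; otherwise a one-line comment above each call, such as `// positional: ..., $secure, $httpOnly, $raw, $sameSite`, would document the order. The opening line of each call is outside these hunks, so the full parameter order should be checked against the cookie API actually used.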
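Review bot: The context line `Log::debug(sprintf("PrincipalService::register op_browser_state %s", $op_browser_state));` in the hunk at -110 of PrincipalService.php writes the value that is stored in the session on the next line (and, it appears, in the cookie set just above) into the application log. Anyone with read access to the logs could then recover a per-session browser-state value. Recording only that the value was set gives the same trace: `Log::debug("PrincipalService::register op_browser_state set");`. The line is unchanged by this commit, and the enclosing method starts and ends outside the hunk.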
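Review bot: Hard-coding `'secure' => true` in config/session.php (hunk at -148) drops the `SESSION_COOKIE_SECURE` override without leaving a reason in the file, and the comment block above the key lies outside the hunk, so it may still describe the value as configurable. The value has to stay true because the same file now sets `'same_site' => 'none'`, and browsers reject SameSite=None cookies that lack the Secure attribute. A comment would keep a later edit from restoring the env lookup: `// Must remain true: same_site is 'none', which browsers only accept on Secure cookies.` Plain-HTTP development setups will no longer keep a session after this change, which is worth a line in the upgrade notes.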
@@ -176,6 +176,6 @@ return [
 |
 */
- 'same_site' => null,
+ 'same_site' => 'none',
 ];
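Review bot: Setting `'same_site' => 'none'` means the session cookie is attached to cross-site requests, so the browser's SameSite handling no longer backs up the application's CSRF defences. Presumably this is needed for cross-origin OAuth2/OpenID flows, but nothing in the hunk says so. A comment such as `// 'none' is required for cross-site OIDC requests; every state-changing route must enforce CSRF tokens.` would record the trade-off. It is also worth confirming that no route is exempted from CSRF verification, which cannot be seen from this diff.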