Session: added support for SameSite cookie

Author: dg

src/Http/Session.php

@@ -400,6 +400,9 @@ private function configure(array $config): void
 		}
 
 		if ($cookie !== $origCookie) {
+			if (isset($cookie['samesite'])) {
+				$cookie['path'] .= '; SameSite=' . $cookie['samesite'];
+			}
 			session_set_cookie_params(
 				$cookie['lifetime'], $cookie['path'], $cookie['domain'],
 				$cookie['secure'], $cookie['httponly']

tests/Http/Session.sameSite.phpt

@@ -0,0 +1,27 @@
+<?php
+
+declare(strict_types=1);
+
+use Tester\Assert;
+
+
+require __DIR__ . '/../bootstrap.php';
+
+if (PHP_SAPI === 'cli') {
+	Tester\Environment::skip('Cookies are not available in CLI');
+}
+
+
+$factory = new Nette\Http\RequestFactory;
+$session = new Nette\Http\Session($factory->createHttpRequest(), new Nette\Http\Response);
+
+$session->setOptions([
+	'cookie_samesite' => 'Lax',
+]);
+
+$session->start();
+
+Assert::contains(
+	'Set-Cookie: PHPSESSID=' . $session->getId() . '; path=/; SameSite=Lax; HttpOnly',
+	headers_list()
+);