Closed hamzawain7 closed 2 years ago
You must set variable secure to true, by default function set_cookie secure = false
set_cookie([
'name' => 'pmw',
'value' => 2,
'secure' => true,
'samesite' => 'None',
]);
If you want create cookie with default config (see https://codeigniter.com/user_guide/libraries/cookies.html#creating-cookies) or you can using set_cookie
helper
$cookieConfig = config('cookie');
set_cookie([
'name' => 'pmw',
'value' => 2,
'expire' => $cookieConfig->expires,
'domain' => $cookieConfig->domain,
'path' => $cookieConfig->path,
'prefix' => $cookieConfig->prefix,
'secure' => $cookieConfig->secure,
'httponly' => $cookieConfig->httponly,
'samesite' => $cookieConfig->samesite,
]);
set_cookie function uses new Cookie in its implementation which makes it get the default value of "domain", "samesite" and other non bool config values, but doesn't for "secure". Isn't that inconsistency? Won't it better for all of them to fallback to values in config?
When constructing the Cookie object, only the name attribute is required. All other else are optional. If the optional attributes are not modified, their values will be filled up by the default values saved in the Cookie class. To override the defaults currently stored in the class, you can pass a Config\Cookie instance or an array of defaults to the static Cookie::setDefaults() method. https://codeigniter4.github.io/CodeIgniter4/libraries/cookies.html#creating-cookies
Reading the user guide, I think the values in the Config file should be used for unspecified items.
This used to work in CI3 because I think the default value of $secure param of set_cookie function used to be null which later on fallback to default.
This seems the first commit: https://github.com/codeigniter4/CodeIgniter4/pull/241/files#diff-1ee301297e39aa12b421d2ad72d266269f4fc8fe56c01c366fbcdf16056a942dR82 However, no reason is given for the change in behavior from CI3.
I sent a PR: #6544
PHP Version
7.4
CodeIgniter4 Version
4.2.6
CodeIgniter4 Installation Method
Manual (zip or tar.gz)
Which operating systems have you tested for this bug?
macOS
Which server did you use?
apache
Database
No response
What happened?
set_cookie function in Helpers/cookie_helper.php is not using the default value $secure i specified in app/Config/Cookie.php.
This used to work in CI3 because I think the default value of $secure param of set_cookie function used to be null which later on fallback to default.****
Steps to Reproduce
Expected Output
No exception
Anything else?
No response