summaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
-rw-r--r--php.ini7
1 files changed, 4 insertions, 3 deletions
diff --git a/php.ini b/php.ini
index d52aeaa..ebad37a 100644
--- a/php.ini
+++ b/php.ini
@@ -1322,7 +1322,8 @@ session.cookie_domain =
session.cookie_httponly =
; Add SameSite attribute to cookie to help mitigate Cross-Site Request Forgery (CSRF/XSRF)
-; Current valid values are "Lax" or "Strict"
+; Current valid values are "Strict", "Lax" or "None". When using "None",
+; make sure to include the quotes, as `none` is interpreted like `false` in ini files.
; https://tools.ietf.org/html/draft-west-first-party-cookies-07
session.cookie_samesite =
@@ -1365,8 +1366,8 @@ session.gc_maxlifetime = 1440
; (see session.save_path above), then garbage collection does *not*
; happen automatically. You will need to do your own garbage
; collection through a shell script, cron entry, or some other method.
-; For example, the following script would is the equivalent of
-; setting session.gc_maxlifetime to 1440 (1440 seconds = 24 minutes):
+; For example, the following script is the equivalent of setting
+; session.gc_maxlifetime to 1440 (1440 seconds = 24 minutes):
; find /path/to/sessions -cmin +24 -type f | xargs rm
; Check HTTP Referer to invalidate externally stored URLs containing ids.