From 928267287df532a6e8fb0775e3138ee21f2173f5 Mon Sep 17 00:00:00 2001
From: Freya Murphy <freya@freyacat.org>
Date: Mon, 27 May 2024 11:46:42 -0400
Subject: [PATCH] fix cookies

---
 .gitignore               |  1 -
 conf/ldap/ldap.env       |  1 +
 src/web/helpers/auth.php | 13 +++++++++----
 3 files changed, 10 insertions(+), 5 deletions(-)

diff --git a/.gitignore b/.gitignore
index 0b12f2d..1269488 100644
--- a/.gitignore
+++ b/.gitignore
@@ -1,2 +1 @@
 data
-conf/ldap/ldap.env
diff --git a/conf/ldap/ldap.env b/conf/ldap/ldap.env
index f387147..29f55c0 100644
--- a/conf/ldap/ldap.env
+++ b/conf/ldap/ldap.env
@@ -7,3 +7,4 @@ LDAP_FILTER="(&)"
 LDAP_UID="cn"
 
 HTTP_HOST=auth.example.com
+COOKIE_DOMAIN=example.com
diff --git a/src/web/helpers/auth.php b/src/web/helpers/auth.php
index 3ff1e71..9228706 100644
--- a/src/web/helpers/auth.php
+++ b/src/web/helpers/auth.php
@@ -13,13 +13,18 @@ function get_cookie() {
 
 function store_cookie($key) {
 	$cookie_name = 'X-LDAP-Auth-Key';
+	$cookie_options = array (
+         'expires' => time() + 60*60*24*30,
+         'path' => '/',
+		 'domain' => getenv("COOKIE_DOMAIN"),
+		 'secure' => true,
+		 'httponly' => true,
+		 'samesite' => 'None'
+    );
 	setcookie(
 		$cookie_name,
 		$key,
-		time() + (86400 * 30),
-		"/",
-		TRUE,
-		TRUE
+		$cookie_options
 	);
 }