From c182a0c43ca7420626cc812532cfef409e280221 Mon Sep 17 00:00:00 2001
From: Pantelis Roditis
Date: Wed, 20 Nov 2024 10:48:38 +0200
Subject: [PATCH] make our cookies a tiny bit more secure and consistent

---
 frontend/config/web.php | 9 ++++++++-
 1 file changed, 8 insertions(+), 1 deletion(-)

diff --git a/frontend/config/web.php b/frontend/config/web.php
index 2300393f4..73ba454f3 100644
--- a/frontend/config/web.php
+++ b/frontend/config/web.php
@@ -170,7 +170,9 @@
 'name' => 'red',
 'timeout' => 3600 * 12,
 'cookieParams' => [
+ 'secure' => true,
 'sameSite' => 'Strict',
+ 'lifetime'=> 3600 * 12,
 'httpOnly' => true
 ],
 ],
@@ -178,7 +180,12 @@
 //'class' => '\app\components\User',
 'identityClass' => '\app\models\Player',
 'enableAutoLogin' => true,
- 'identityCookie' => ['name' => '_identity-red', 'httpOnly' => true, /*'sameSite'=>'Lax'*/],
+ 'identityCookie' => [
+ 'name' => '_identity-red',
+ 'secure' => true,
+ 'httpOnly' => true,
+ 'sameSite'=>'Strict'
+ ],
 ],
 'errorHandler' => [
 'errorAction' => 'site/error',
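Review bot: `'lifetime'=> 3600 * 12` repeats the literal already used for `'timeout'` two lines above, and it also turns the session cookie from a browser-session cookie (presumably the prior default of 0, unless set elsewhere) into one that survives browser restarts for 12 hours, which is a trade-off the commit message does not mention. Hoisting the value so the two cannot drift, e.g. `$sessionTtl = 3600 * 12;` above the component with `'timeout' => $sessionTtl,` and `'lifetime' => $sessionTtl,`, plus a comment such as `// lifetime mirrors timeout so the cookie and the server-side session expire together`, would record the intent. The added lines should also use the same `=>` spacing as `'sameSite' => 'Strict'`; `'sameSite'=>'Strict'` in the second hunk has the same inconsistency. The enclosing component (presumably `'session'`) starts before the hunk.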
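Review bot: Hard-coding `'secure' => true` on the identity cookie (and on the session cookie in the first hunk) means browsers will not return either cookie when the app is served over plain HTTP, so a local or staging environment without TLS would silently lose auto-login rather than fail loudly; if such environments exist, deriving the flag from the environment (e.g. `'secure' => YII_ENV_PROD,`, if that constant is available at config time) or adding a comment like `// requires HTTPS; browsers never send Secure cookies over plain HTTP` would make the requirement explicit. `SameSite=Strict` on the identity cookie also means a navigation arriving from another site (a link in an email, a redirect back from an external provider) will not carry the cookie, so the first request after such a navigation looks logged out despite `'enableAutoLogin' => true`; the previously commented-out `'sameSite'=>'Lax'` suggests this was weighed, so a one-line comment recording why Strict was chosen would help the next reader. The new array is also missing a trailing comma after `'sameSite'=>'Strict'`, unlike the surrounding entries. The enclosing component (presumably `'user'`) starts before the hunk.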