From 51ffc05c4db265476c78edb8a93c331c3cdaff2f Mon Sep 17 00:00:00 2001
From: Isaac Connor <isaac@zoneminder.com>
Date: Tue, 10 May 2022 17:48:16 -0400
Subject: [PATCH] Set samesite for session ZMSESSID cookie for php < 7.3

---
 web/includes/session.php | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/web/includes/session.php b/web/includes/session.php
index 5c16eaac1..e76032577 100644
--- a/web/includes/session.php
+++ b/web/includes/session.php
@@ -30,7 +30,7 @@ function zm_session_start() {
     if ( version_compare(phpversion(), '7.3.0', '<') ) {
       session_set_cookie_params(
         $currentCookieParams['lifetime'],
-        $currentCookieParams['path'],
+        $currentCookieParams['path'].'; samesite=strict',
         $currentCookieParams['domain'],
         $currentCookieParams['secure'],
         $currentCookieParams['httponly']