author | diosmosis <diosmosis@users.noreply.github.com> | 2020-02-20 06:05:15 +0300 |
---|---|---|
committer | GitHub <noreply@github.com> | 2020-02-20 06:05:15 +0300 |
commit | 071f505d19924503691d4f4028ad58c4f50ffb50 (patch) | |
tree | 268fe99b6b6f8996fadada44f64cd4acfe24b950 /plugins/Overlay | |
parent | 2ca0084054e596e2bcce1edff76d62040bf0b23a (diff) |
Fix couple issues w/ samesite handling in session, make sure session … (#15561)
Diffstat (limited to 'plugins/Overlay')
-rw-r--r-- | plugins/Overlay/Controller.php | 7 |
1 files changed, 7 insertions, 0 deletions
diff --git a/plugins/Overlay/Controller.php b/plugins/Overlay/Controller.php
index 98ff9937d5..d7d42fa48e 100644
--- a/plugins/Overlay/Controller.php
+++ b/plugins/Overlay/Controller.php
@@ -20,6 +20,7 @@ use Piwik\Plugins\SegmentEditor\SegmentFormatter;
 use Piwik\Plugins\SitesManager\API as APISitesManager;
 use Piwik\ProxyHttp;
 use Piwik\Segment;
+use Piwik\Session;
 use Piwik\Tracker\Action;
 use Piwik\Tracker\PageUrl;
 use Piwik\View;
@@ -43,6 +44,12 @@ class Controller extends \Piwik\Plugin\Controller
 {
 Piwik::checkUserHasViewAccess($this->idSite);
 
+ // Overlay needs to send requests w/ the session cookie from within the tracked website, which means
+ // we can't use SameSite=Lax. So, we regenerate the session ID here (in Session.php there is a hardcoded
+ // check for Overlay, so will be set to SameSite=None).
+ // Note: this means the new session ID will have SameSite=None until it regenerates on a non-Overlay page.
+ Session::regenerateId();
+
 $template = '@Overlay/index';
 if (Config::getInstance()->General['overlay_disable_framed_mode']) {
 $template = '@Overlay/index_noframe'; |
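Review bot: The `Session::regenerateId()` call added at the top of the second hunk leaves the session cookie at SameSite=None after the user has left Overlay, and nothing visible here bounds how long that lasts; the comment's "until it regenerates on a non-Overlay page" depends on code in Session.php that this page does not show. While the cookie is SameSite=None the browser attaches it to cross-site requests, so state-changing endpoints are relying on their token checks alone for CSRF protection. I would record that in the comment, e.g. `// SECURITY: while SameSite=None the session cookie is sent on cross-site requests; CSRF protection rests on token checks only.`, and confirm that a non-Overlay request really does restore Lax. Current browsers also accept SameSite=None only together with the Secure attribute, so the behaviour on plain-HTTP installs is worth checking. The enclosing method starts and ends outside the hunk.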