Session cookie params

src/Protocols/Http/Request.php

@@ -307,7 +307,7 @@ class Request
                     return false;
                 }
                 $sid = $session_id ?: static::createSessionId();
-                $cookie_params = \session_get_cookie_params();
+                $cookie_params = Session::getCookieParams();
                 $this->setSidCookie($session_name, $sid, $cookie_params);
             }
             $this->sid = $sid;
@@ -330,7 +330,7 @@ class Request
         $new_sid = static::createSessionId();
         $session = new Session($new_sid);
         $session->put($session_data);
-        $cookie_params = \session_get_cookie_params();
+        $cookie_params = Session::getCookieParams();
         $session_name = Http::sessionName();
         $this->setSidCookie($session_name, $new_sid, $cookie_params);
     }

src/Protocols/Http/Session.php

@@ -14,6 +14,7 @@
 
 namespace Workerman\Protocols\Http;
 
+use Workerman\Protocols\Http\Session\FileSessionHandler;
 use Workerman\Protocols\Http\Session\SessionHandlerInterface;
 
 /**
@@ -27,7 +28,7 @@ class Session
      *
      * @var string
      */
-    protected static $_handlerClass = 'Workerman\Protocols\Http\Session\FileSessionHandler';
+    protected static $_handlerClass = FileSessionHandler::class;
 
     /**
      * Parameters of __constructor for session handler class.
@@ -37,25 +38,60 @@ class Session
     protected static $_handlerConfig = null;
 
     /**
-     * Session.gc_probability
+     * Session lifetime.
      *
      * @var int
      */
-    protected static $_sessionGcProbability = 1;
+    public static $lifetime = 1440;
 
     /**
-     * Session.gc_divisor
+     * Cookie lifetime.
      *
      * @var int
      */
-    protected static $_sessionGcDivisor = 1000;
+    public static $cookieLifetime = 1440;
 
     /**
-     * Session.gc_maxlifetime
+     * Session cookie path.
      *
-     * @var int
+     * @var string
+     */
+    public static $cookiePath = '/';
+
+    /**
+     * Session cookie domain.
+     *
+     * @var string
+     */
+    public static $domain = '';
+
+    /**
+     * HTTPS only cookies.
+     *
+     * @var bool
+     */
+    public static $secure = false;
+
+    /**
+     * HTTP access only.
+     *
+     * @var bool
+     */
+    public static $httpOnly = true;
+
+    /**
+     * Same-site cookies.
+     *
+     * @var string
      */
-    protected static $_sessionGcMaxLifeTime = 1440;
+    public static $sameSite = '';
+
+    /**
+     * Gc probability.
+     *
+     * @var int[]
+     */
+    public static $gcProbability = [1, 1000];
 
     /**
      * Session handler instance.
@@ -276,17 +312,20 @@ class Session
      */
     public static function init()
     {
-        if ($gc_probability = \ini_get('session.gc_probability')) {
-            self::$_sessionGcProbability = (int)$gc_probability;
-        }
-
-        if ($gc_divisor = \ini_get('session.gc_divisor')) {
-            self::$_sessionGcDivisor = (int)$gc_divisor;
+        if ($gc_probability = (int)\ini_get('session.gc_probability') && $gc_divisor = (int)\ini_get('session.gc_divisor')) {
+            static::$gcProbability = [$gc_probability, $gc_divisor];
         }
 
         if ($gc_max_life_time = \ini_get('session.gc_maxlifetime')) {
-            self::$_sessionGcMaxLifeTime = (int)$gc_max_life_time;
+            self::$lifetime = (int)$gc_max_life_time;
         }
+
+        $session_cookie_params = \session_get_cookie_params();
+        static::$cookieLifetime = $session_cookie_params['lifetime'];
+        static::$cookiePath = $session_cookie_params['path'];
+        static::$domain = $session_cookie_params['domain'];
+        static::$secure = $session_cookie_params['secure'];
+        static::$httpOnly = $session_cookie_params['httponly'];
     }
 
     /**
@@ -308,6 +347,23 @@ class Session
     }
 
     /**
+     * Get cookie params.
+     *
+     * @return array
+     */
+    public static function getCookieParams()
+    {
+        return [
+            'lifetime' => static::$cookieLifetime,
+            'path' => static::$cookiePath,
+            'domain' => static::$domain,
+            'secure' => static::$secure,
+            'httponly' => static::$httpOnly,
+            'samesite' => static::$sameSite,
+        ];
+    }
+
+    /**
      * Init handler.
      *
      * @return void
@@ -328,10 +384,10 @@ class Session
      */
     public function tryGcSessions()
     {
-        if (\rand(1, static::$_sessionGcDivisor) > static::$_sessionGcProbability) {
+        if (\rand(1, static::$gcProbability[1]) > static::$gcProbability[0]) {
             return;
         }
-        static::$_handler->gc(static::$_sessionGcMaxLifeTime);
+        static::$_handler->gc(static::$lifetime);
     }
 
     /**

src/Protocols/Http/Session/RedisClusterSessionHandler.php

@@ -14,11 +14,13 @@
 
 namespace Workerman\Protocols\Http\Session;
 
+use Workerman\Protocols\Http\Session;
+
 class RedisClusterSessionHandler extends RedisSessionHandler
 {
     public function __construct($config)
     {
-        $this->_maxLifeTime = (int)ini_get('session.gc_maxlifetime');
+        $this->_maxLifetime = (int)Session::$lifetime;
         $timeout = $config['timeout'] ?? 2;
         $read_timeout = $config['read_timeout'] ?? $timeout;
         $persistent = $config['persistent'] ?? false;

src/Protocols/Http/Session/RedisSessionHandler.php

@@ -13,6 +13,7 @@
  */
 namespace Workerman\Protocols\Http\Session;
 
+use Workerman\Protocols\Http\Session;
 use Workerman\Timer;
 use RedisException;
 
@@ -31,7 +32,7 @@ class RedisSessionHandler implements SessionHandlerInterface
     /**
      * @var int
      */
-    protected $_maxLifeTime;
+    protected $_maxLifetime;
 
     /**
      * @var array
@@ -55,7 +56,7 @@ class RedisSessionHandler implements SessionHandlerInterface
         if (false === extension_loaded('redis')) {
             throw new \RuntimeException('Please install redis extension.');
         }
-        $this->_maxLifeTime = (int)ini_get('session.gc_maxlifetime');
+        $this->_maxLifetime = (int)Session::$lifetime;
 
         if (!isset($config['timeout'])) {
             $config['timeout'] = 2;
@@ -121,7 +122,7 @@ class RedisSessionHandler implements SessionHandlerInterface
      */
     public function write($session_id, $session_data)
     {
-        return true === $this->_redis->setex($session_id, $this->_maxLifeTime, $session_data);
+        return true === $this->_redis->setex($session_id, $this->_maxLifetime, $session_data);
     }
 
     /**
@@ -129,7 +130,7 @@ class RedisSessionHandler implements SessionHandlerInterface
      */
     public function updateTimestamp($id, $data = "")
     {
-        return true === $this->_redis->expire($id, $this->_maxLifeTime);
+        return true === $this->_redis->expire($id, $this->_maxLifetime);
     }
 
     /**