From d46436973fc4446eb66371d9de8726583ddd856d Mon Sep 17 00:00:00 2001
From: silvere latchurie
Date: Sun, 3 Mar 2024 17:08:05 +0100
Subject: [PATCH] Fix setting/destroying multiple cookies PHP < 7.3

CI3 is using header instead of setcookie when PHP < 7.3. But each call to header('Set-Cookie: ...') is replacing the previews one, meaning only the last cookie setting/destroying command is sent. Using header('Set-Cookie: ...', FALSE) to prevent replacing.
---
 system/core/Input.php | 2 +-
 system/core/Security.php | 3 ++-
 system/libraries/Session/Session.php | 2 +-
 system/libraries/Session/Session_driver.php | 2 +-
 4 files changed, 5 insertions(+), 4 deletions(-)

diff --git a/system/core/Input.php b/system/core/Input.php
index 62a1d89f87a..9b204ce6d36 100644
--- a/system/core/Input.php
+++ b/system/core/Input.php
@@ -378,7 +378,7 @@ public function set_cookie($name, $value = '', $expire = 0, $domain = '', $path
 $cookie_header .= ($expire === 0 ? '' : '; Expires='.gmdate('D, d-M-Y H:i:s T', $expire)).'; Max-Age='.$maxage;
 $cookie_header .= '; Path='.$path.($domain !== '' ? '; Domain='.$domain : '');
 $cookie_header .= ($secure ? '; Secure' : '').($httponly ? '; HttpOnly' : '').'; SameSite='.$samesite;
- header($cookie_header);
+ header($cookie_header, FALSE);
 return;
 }
diff --git a/system/core/Security.php b/system/core/Security.php
index d0a87830707..4abe5adda01 100644
--- a/system/core/Security.php
+++ b/system/core/Security.php
@@ -299,7 +299,8 @@ public function csrf_set_cookie()
 .($domain === '' ? '' : '; Domain='.$domain)
 .($secure_cookie ? '; Secure' : '')
 .(config_item('cookie_httponly') ? '; HttpOnly' : '')
- .'; SameSite=Strict'
+ .'; SameSite=Strict',
+ FALSE
 );
 }
diff --git a/system/libraries/Session/Session.php b/system/libraries/Session/Session.php
index 2d55f822af9..4839f89f9d3 100644
--- a/system/libraries/Session/Session.php
+++ b/system/libraries/Session/Session.php
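Review bot: The bare `FALSE` passed to `header()` in `set_cookie()` (system/core/Input.php) does not say why replacement is switched off, and the same unexplained argument appears in the Security.php, Session.php and Session_driver.php hunks. A one-line comment above each call would keep a later cleanup from dropping it, for example `// $replace = FALSE: append, so Set-Cookie headers queued earlier (session, CSRF) are still sent`. All four sites assemble a raw Set-Cookie string by hand, so a shared private helper would have reduced this fix to one place; that fits a follow-up better than this patch. `set_cookie()` starts before the hunk, so the name and value part of the header is not visible here.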
@@ -177,7 +177,7 @@ public function __construct(array $params = array())
 $header .= '; Path='.$this->_config['cookie_path'];
 $header .= ($this->_config['cookie_domain'] !== '' ? '; Domain='.$this->_config['cookie_domain'] : '');
 $header .= ($this->_config['cookie_secure'] ? '; Secure' : '').'; HttpOnly; SameSite='.$this->_config['cookie_samesite'];
- header($header);
+ header($header, FALSE);
 }
 if ( ! $this->_config['cookie_secure'] && $this->_config['cookie_samesite'] === 'None')
diff --git a/system/libraries/Session/Session_driver.php b/system/libraries/Session/Session_driver.php
index 24b4b465e21..1a08cc34bf0 100644
--- a/system/libraries/Session/Session_driver.php
+++ b/system/libraries/Session/Session_driver.php
@@ -147,7 +147,7 @@ protected function _cookie_destroy()
 $header .= '; Path='.$this->_config['cookie_path'];
 $header .= ($this->_config['cookie_domain'] !== '' ? '; Domain='.$this->_config['cookie_domain'] : '');
 $header .= ($this->_config['cookie_secure'] ? '; Secure' : '').'; HttpOnly; SameSite='.$this->_config['cookie_samesite'];
- header($header);
+ header($header, FALSE);
 return;
 }
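Review bot: With `header($header, FALSE)` in `_cookie_destroy()` (system/libraries/Session/Session_driver.php), the expiring cookie no longer displaces a Set-Cookie for the same session cookie name that was queued earlier in the request, so both headers reach the client. User agents process Set-Cookie headers in order, so the deletion takes effect only if it is emitted after the earlier one; that is probably the case on a logout path, but it cannot be confirmed here because the function starts outside the hunk. Stating the assumption next to the call would help, e.g. `// appended: must be sent after any earlier Set-Cookie for this name so the expiry wins`. A regression test on PHP < 7.3 that checks the emitted Set-Cookie headers after a destroy would pin the behaviour.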