From ddb6741e5f3db46e934f54593ada510a8c875371 Mon Sep 17 00:00:00 2001
From: Isaac Connor <isaac@zoneminder.com>
Date: Fri, 16 Sep 2022 13:35:30 -0400
Subject: [PATCH] Use zm_setcookie, which will automatically set samesite on
 the session cookie. Maybe fixes #3517

---
 web/includes/session.php | 5 ++++-
 1 file changed, 4 insertions(+), 1 deletion(-)

diff --git a/web/includes/session.php b/web/includes/session.php
index e76032577..e3ab41fc0 100644
--- a/web/includes/session.php
+++ b/web/includes/session.php
@@ -95,7 +95,10 @@ function zm_session_clear() {
   if ( ini_get('session.use_cookies') ) {
     $p = session_get_cookie_params();
     # Update the cookie to expire in the past.
-    setcookie(session_name(), '', time() - 31536000, $p['path'], $p['domain'], $p['secure'], $p['httponly']);
+    $p['expires'] = time() - 31536000;
+    unset($p['lifetime']); // Not valid for a cookie
+
+    zm_setcookie(session_name(), '', $p);
   }
   session_unset();
   session_destroy();