- Use SameSite=Strict to avoid issues in modern browsers & prevent
session-stealing attacks
- Use Secure when requests run over HTTPS by default to avoid
downgrade-based session-stealing attacks
- Add warning for PHP <= 7.2, as it doesn't support SameSite in
setcookie().
Note to self: If we do end up implementing it, remember that
$env->perfdata does containsensitive information sometimes, so we might
need to revise our approach a bit (e.g. only sending it to authenticated
admins)
The BkTree tester gave me the idea.
No longer will you have to hope that search indexing will complete in
time and adjust the maximum execution time for larger wikis..... when
that's implemented.