wphorlogebanden

warning Cookie sameSite


I am migrating our site to Phoenix. After successful installation I noticed a warning about using sameSite in the session cookie, referring to developper.mozilla.org/docs/Web/HTTP/Headers/Set-Cookie/SameSite: "Cookie 'ceid' will be rejected shortly because the attribute 'sameSite' is set to 'none' or an illegal value without the attribute 'secure'."

On https://github.com/GoogleChromeLabs/samesite-examples/blob/master/php.md a solution is suggested for Session Cookies via session_set_cookie_params.

Am I correct to assume that this solution should be in 'includes/system/segments/application/start_session.php' and/or 'admin/includes/application_top.php' ?


It depends on your PHP version. If less than 7.3, just change the COOKIE_PATH constants in your configure.php files. 7.3 or later, then yes, the place to change it is in start_session.php and application_top.php.

I'm changing this now, so I may make it so that you can always change it in the configure.php files. 


Always back up before making changes.
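
Added example, not part of the original thread and not Phoenix's own code: one way to set the session cookie's SameSite attribute before session_start(), using the options array of session_set_cookie_params on PHP 7.3+ and the path-suffix workaround on older versions. The function name configure_session_cookie and its parameters are hypothetical, and sending HttpOnly is an added assumption.

```php
<?php
// Added example: configure_session_cookie() is a hypothetical helper,
// not a function that ships with the shop software.

/**
 * Set the session cookie parameters with an explicit SameSite policy.
 * Must run before session_start(). Returns the policy actually applied.
 */
function configure_session_cookie(string $sameSite, bool $isHttps, string $path = '/', string $domain = ''): array
{
    $sameSite = ucfirst(strtolower($sameSite));
    if (!in_array($sameSite, ['Lax', 'Strict', 'None'], true)) {
        throw new InvalidArgumentException("Unsupported SameSite value: $sameSite");
    }

    // Browsers reject SameSite=None without Secure (the warning quoted in
    // the first post), so fall back to Lax when the request is not HTTPS.
    if ($sameSite === 'None' && !$isHttps) {
        $sameSite = 'Lax';
    }

    $params = [
        'lifetime' => 0,          // session cookie, removed when the browser closes
        'path'     => $path,
        'domain'   => $domain,
        'secure'   => $isHttps,   // only send Secure when the site runs on HTTPS
        'httponly' => true,       // assumption: no script needs to read the session id
        'samesite' => $sameSite,
    ];

    if (PHP_VERSION_ID >= 70300) {
        // PHP 7.3+: the options array accepts 'samesite' directly.
        session_set_cookie_params($params);
    } else {
        // PHP < 7.3: no 'samesite' option exists, so the attribute is
        // appended to the path value, which PHP writes out unescaped.
        session_set_cookie_params(0, $path . '; SameSite=' . $sameSite, $domain, $isHttps, true);
    }

    return $params;
}

// Typical call site: detect HTTPS, apply the policy, then start the session.
$isHttps = !empty($_SERVER['HTTPS']) && $_SERVER['HTTPS'] !== 'off';
configure_session_cookie('Lax', $isHttps);
session_start();
```

After a request, check the Set-Cookie response header in the browser's network tab to confirm the attributes that were actually sent.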


I'm using PHP 7.3 and added this to the .htaccess to get my authorize.net SIM payment module to return customers to the checkout success page properly.

<IfModule mod_headers.c>
Header always edit Set-Cookie ^(.*)$ $1;SameSite=None;Secure
</IfModule>


Note that 1.0.7.7 supports sameSite cookies directly, defaulting to Lax and turning on secure when available. 

