Archived

This topic is now archived and is closed to further replies.

wphorlogebanden

warning Cookie sameSite

I am migrating our site to Phoenix. After successful installation I noticed a warning about using sameSite in the session cookie referring to developer.mozilla.org/docs/Web/HTTP/Headers/Set-Cookie/SameSite: "Cookie 'ceid' will be rejected shortly because the attribute 'sameSite' is set to 'none' or an illegal value without the attribute 'secure'."

On https://github.com/GoogleChromeLabs/samesite-examples/blob/master/php.md a solution is suggested for Session Cookies via session_set_cookie_params.

Am I correct to assume that this solution should be in 'includes/system/segments/application/start_session.php' and/or 'admin/includes/application_top.php' ?


It depends on your PHP version.  If less than 7.3, just change the COOKIE_PATH constants in your configure.php files.  7.3 or later, then yes, the place to change it is in start_session.php and application_top.php

I'm changing this now, so I may make it so that you can always change it in the configure.php files. 


Always back up before making changes.
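
The PHP version split described in the reply above, as an added example that is not part of the original post and is not osCommerce Phoenix code. The function names are hypothetical, and the pre-7.3 branch assumes the COOKIE_PATH change means the widely used workaround of appending the attribute to the cookie path.

```php
<?php
// Added example: hypothetical helpers, not osCommerce Phoenix code.

// Build session cookie settings. SameSite=None is only accepted by browsers
// together with Secure, so it is downgraded to Lax on plain HTTP.
function example_session_cookie_options($sameSite, $isHttps, $path = '/', $domain = '')
{
    $sameSite = ucfirst(strtolower($sameSite));
    if (!in_array($sameSite, ['Lax', 'Strict', 'None'], true)) {
        $sameSite = 'Lax'; // unknown value: fall back to a safe default
    }
    if ($sameSite === 'None' && !$isHttps) {
        $sameSite = 'Lax'; // avoids the "none without secure" rejection
    }
    return [
        'lifetime' => 0,        // session cookie, discarded when the browser closes
        'path'     => $path,
        'domain'   => $domain,
        'secure'   => $isHttps, // only send over HTTPS when HTTPS is in use
        'httponly' => true,     // keep the session id away from JavaScript
        'samesite' => $sameSite,
    ];
}

// Apply the settings; must run before session_start().
function example_apply_session_cookie_options(array $o)
{
    if (PHP_VERSION_ID >= 70300) {
        // PHP 7.3+ accepts an options array that includes 'samesite'.
        session_set_cookie_params($o);
        return;
    }
    // PHP < 7.3 has no samesite parameter; the path is written into the
    // Set-Cookie header as-is, so the attribute is appended to it (assumed workaround).
    session_set_cookie_params(
        $o['lifetime'],
        $o['path'] . '; SameSite=' . $o['samesite'],
        $o['domain'],
        $o['secure'],
        $o['httponly']
    );
}

$isHttps = !empty($_SERVER['HTTPS']) && $_SERVER['HTTPS'] !== 'off';
example_apply_session_cookie_options(example_session_cookie_options('Lax', $isHttps));
session_start();
```

Passing 'None' instead of 'Lax' only takes effect when the request is served over HTTPS; after deploying, check the Set-Cookie header in the browser's network tools to confirm the attributes that were actually sent.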

Guest

I'm using PHP 7.3 and added this to the .htaccess to get my authorize.net SIM payment module to return customers to the checkout success page properly.

<IfModule mod_headers.c>
Header always edit Set-Cookie ^(.*)$ $1;SameSite=None;Secure
</IfModule>


Note that 1.0.7.7 supports sameSite cookies directly, defaulting to Lax and turning on secure when available. 


Always back up before making changes.
