wphorlogebanden Posted August 4, 2020 Share Posted August 4, 2020 I am migrating our site to Phoenix. After succesfull installation I noticed a warning about using sameSite in the session cookie referring to "developper.mozilla.org/docs/Web/HTTP/Headers/Set-Cookie/SameSite: "Cookie 'ceid' will be rejected shortly because the attribute 'sameSite' is set to 'none' or an illegal value without the attribute 'secure'. On https://github.com/GoogleChromeLabs/samesite-examples/blob/master/php.md a solution is suggested for Session Cookies via session_set_cookie_params. Am I correct to assume that this solution should be in 'includes/system/segments/application/start_session.php' and/or 'admin/includes/application_top.php' ? Link to comment Share on other sites More sharing options...
♥ecartz Posted August 4, 2020 Share Posted August 4, 2020 It depends on your PHP version. If less than 7.3, just change the COOKIE_PATH constants in your configure.php files. 7.3 or later, then yes, the place to change it is in start_session.php and application_top.php I'm changing this now, so I may make it so that you can always change it in the configure.php files. Always back up before making changes. Link to comment Share on other sites More sharing options...
Guest Posted August 20, 2020 Share Posted August 20, 2020 I'm using PHP 7.3 and added this to the .htaccess to get my authorize.net SIM payment module to return customers to the checkout success page properly. <IfModule mod_headers.c> Header always edit Set-Cookie ^(.*)$ $1;SameSite=None;Secure </IfModule> Link to comment Share on other sites More sharing options...
♥ecartz Posted August 20, 2020 Share Posted August 20, 2020 Note that 1.0.7.7 supports sameSite cookies directly, defaulting to Lax and turning on secure when available. Always back up before making changes. Link to comment Share on other sites More sharing options...
Recommended Posts
Archived
This topic is now archived and is closed to further replies.