4

I'm currently setting a cookie like this (in middleware):

    cookie()->queue("loginToken", $loginToken, 60*24*365*10);

How do I specify SameSite = None?

I'm using Laravel 8.

Magmatic

4 Answers

9

In config/session.php:

    'same_site' => "none",
Dri372
  • I think the "none" needs quotation marks around it, because it should be a string. – Magmatic Jun 03 '21 at 15:34
  • 1
    This is close, but I think not exactly the right answer. This only sets the SameSite setting for session cookies, not any custom cookie I want to set. – Magmatic Jun 03 '21 at 15:36
  • 1
    Didn't change anything for me for some reason. Still getting the same errors – Igor Q. Aug 29 '21 at 21:00
1

This is what I did. Remember, this is in the handle function of the middleware.

    $response = $next($request);

    // https://symfony.com/doc/current/components/http_foundation.html#setting-cookies
    // https://github.com/symfony/symfony/blob/5.3/src/Symfony/Component/HttpFoundation/Cookie.php
    $cookie = \Symfony\Component\HttpFoundation\Cookie::create("loginToken")
        ->withValue($loginToken)
        ->withExpires(strtotime("+12 months"))
        ->withSecure(true)
        ->withHttpOnly(true)
        ->withSameSite("strict")
        ;

    $response->headers->setCookie($cookie);
Magmatic
1

The cookie function declaration is:

    function cookie($name = null, $value = null, $minutes = 0, $path = null, $domain = null, $secure = null, $httpOnly = true, $raw = false, $sameSite = null)

And queue just forwards the parameters, so you can do:

    cookie()->queue("loginToken", $loginToken, 60*24*365*10, null, null, null, true, false, 'None');
rsanchez
0

You could also set it in the path of config/session.php, but it's a bit hacky:

    'path' => '/; SameSite=None; secure'
crwh05
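Whichever of the approaches above is used, the result is a `Set-Cookie` header, and current browsers reject a cookie that asks for `SameSite=None` without also carrying `Secure`. The following is an added example, not code from any of the answers: a plain-PHP check of emitted header values. The function names `parseSetCookie` and `auditSameSite` are hypothetical and the sample headers are constructed.

```php
<?php
// Added example: flag Set-Cookie headers that request SameSite=None without Secure.

/** Split one Set-Cookie header value into [cookie name, attributes]. */
function parseSetCookie(string $header): array
{
    $parts = array_map('trim', explode(';', $header));
    // The first segment is name=value; the value may itself contain '='.
    [$name] = explode('=', array_shift($parts), 2);
    $attrs = [];
    foreach ($parts as $part) {
        if ($part === '') {
            continue;
        }
        $kv = explode('=', $part, 2);
        // Attribute names are case-insensitive; flags (Secure, HttpOnly) map to true.
        $attrs[strtolower(trim($kv[0]))] = isset($kv[1]) ? trim($kv[1]) : true;
    }
    return [$name, $attrs];
}

/** Return the SameSite problems found in one Set-Cookie header value. */
function auditSameSite(string $header): array
{
    [$name, $attrs] = parseSetCookie($header);
    $sameSite = isset($attrs['samesite']) ? strtolower((string) $attrs['samesite']) : null;
    $problems = [];
    if ($sameSite === null) {
        $problems[] = "$name: no SameSite attribute, the browser default applies";
    } elseif (!in_array($sameSite, ['strict', 'lax', 'none'], true)) {
        $problems[] = "$name: unknown SameSite value '$sameSite'";
    } elseif ($sameSite === 'none' && !isset($attrs['secure'])) {
        $problems[] = "$name: SameSite=None without Secure";
    }
    return $problems;
}

// Constructed sample headers (not captured from a real application).
$samples = [
    'loginToken=abc123; path=/; httponly; samesite=none',
    'loginToken=abc123; path=/; secure; httponly; samesite=none',
    'loginToken=abc123; path=/; SameSite=None; Secure; HttpOnly',
    'loginToken=abc123; path=/; secure; httponly',
];
foreach ($samples as $header) {
    $problems = auditSameSite($header);
    echo $problems ? implode("\n", $problems) : "ok: $header", "\n";
}
```

To check a running application, feed the function the `Set-Cookie` values from a real response, for example those shown in the browser's network tab.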