Is there any way to set the "SameSite" property on a session cookie?

Question

I am having an issue with Chrome and the "samesite" property on my cookies (I am logging in via PHP on a cloud server, then using resources on my cloud server in another domain)

On the cookies I am creating myself, I can do:

setcookie("foo", "bar", [
   "expires" => time() + 60 * 60 * 24,
   "path" => "/",
   "domain" => "", 
   "secure" => true,
   "httponly" => false,
   "samesite" => 'None'
  ]);

And this works.

My question is, is there any way to add "samesite" => 'None' on my "PHPSESSID" session cookie as well, so I can use the session from a cross domain page?

This is a chrome specific issue

score 1 · Accepted Answer · answered Jan 14 '22 at 10:01

1

You can configure it by changing session.cookie_samesite inside php.ini.

Details here

answered Jan 14 '22 at 10:01

Eduard

1,319
6
12

Or via session_set_cookie_params function in php, but this question/answers are duplicate. – Pavel Třupek Jan 14 '22 at 10:03

Is there any way to set the "SameSite" property on a session cookie?

1 Answers1