When the samesite attribute for a cookie is not specified, it is defaulted to samesite: lax. Google just changed their Chrome browser to require samesite: none; Secure for it to continue to work (my site is being used in an iframe).
Where can I add this so the attribute “samesite” with values none and Secure are set for cookies?
You may google “PHP 7.3 Same-site Cookies”.
I did Google. I can’t set the samesite value in php.ini because you can’t do that for samesite=None. The docs say it won’t work.
The examples I’m finding are all PHP for “Set-Cookie”…which, when I look in login.php where phpmaker sets a cookie…it’s setcookie(…) instead which seems to reference a JavaScript function in jquery.ewjtable.js and jquery.ewjtable.min.js.
I tried changing them in jquery.ewjtable.js and jquery.ewjtable.min.js but the attributes don’t get set (when I look in dev tools of Chrome and example the cookie). I figure I’m doing something wrong or putting it in the wrong place.
Where do I make the change? Where can I set those attributes?
I just tried deleting jquery.ewjtable.js and jquery.ewjtable.min.js and I was still able to login…so those cookies are being set somewhere else, but I can’t find any “setcookie” definitions anywhere else.
If you could tell me where this is happening (what file or function), then that would be helpful.
michaelmcewen wrote:
I just tried deleting jquery.ewjtable.js and jquery.ewjtable.min.js and I was still able to login…
I am confused. How is jquery.ewjtable.js related to login? It is irrelevant. What are you trying to achieve? It seems that you expect you cannot login. Why? You mentioned iframe, did you mean the domain in the main site and the domain in the iframe are different? Can you explain more clearly?
Ok, I need to be able to set the samesite and secure attributes when the login cookie is written. I’m trying to find the code that writes the cookie.
In login.php it calls setcookie(…) multiple times. The only place I could find a definition for that function is in jquery.ewjtable.js and jquery.ewjtable.min.js. So, I’m not sure how you can say it is irrelevant. BUT, changes I’ve made in those files doesn’t seem to “take” (it doesn’t change the cookie). That’s why I tried deleting the file to see if it would fail/error.
So, can someone tell me where the code is that writes the cookie? I need to set the samesite and secure attributes for cookies.
And yes, the domain in the main site and the domain in the iframe are different. That’s why I need to set the samesite and secure attributes.
I don’t mind a discussion about the iframe, but I’d appreciate an answer to my question about setting the cookies and those attributes first.
Thanks!
setcookie() is a PHP function on the server side. The _setCookie() in jquery.ewjtable.js is a JavaScript function on the client side only to write a cookie to store the page size of modal lookup. Hence irrelevant.
You may search “setcookie” in the template and change them. See https://www.php.net/manual/en/function.setcookie.php:
7.3.0 - An alternative signature supporting an options array has been added. This signature supports also setting of the SameSite cookie attribute.
For the session cookie, see: https://www.php.net/manual/en/function.session-set-cookie-params.php
Perfect! That’s JUST what I needed!
Thank you!
From v2020.0.14, there are advanced settings for cookie.