CodeIgniter4: Bug: Support for SameSite cookie setting missing

Describe the bug Not possible to configure SameSite setting for cookies (session and CSRF). The differences between PHP 7.2 and 7.3 makes this more difficult. I now find myself in the situation that I need to be able to configure this setting and after migration to PHP 7.3 the hack with cookiePath = '/;samesite=none'; no longer works.

I could possible do some work on this, but I’d like to know if there are anything planned before I start working on a PR.

CodeIgniter 4 version 4.0.4

Affected module(s) Sessions + ?

Expected behavior, and steps to reproduce if appropriate It should be possible to configure SameSite settings for cookies.

About this issue

  • Original URL
  • State: closed
  • Created 4 years ago
  • Comments: 21 (19 by maintainers)

Commits related to this issue

Most upvoted comments

You all need to read this article I just found:

PHP 7.3 Same-site Cookies

This can now be set in the php ini file the above will show how to do it.

+1
InsiteFX on Aug 10, 2020
Read more comments on GitHub
← CodeIgniter4: Bug: Session Library
CodeIgniter4: Bug: Throttler does not show correct token time until 1 token is available →