Jump to content
  • Checkout
  • Login
  • Get in touch


The e-commerce.

warning Cookie sameSite


Recommended Posts

I am migrating our site to Phoenix. After succesfull installation I noticed a warning about using sameSite in the session cookie referring to "developper.mozilla.org/docs/Web/HTTP/Headers/Set-Cookie/SameSite: "Cookie 'ceid' will be rejected shortly because the attribute 'sameSite' is set to 'none' or an illegal value without the attribute 'secure'.

On https://github.com/GoogleChromeLabs/samesite-examples/blob/master/php.md a solution is suggested for Session Cookies via session_set_cookie_params.

Am I correct to assume that this solution should be in 'includes/system/segments/application/start_session.php' and/or 'admin/includes/application_top.php' ?

Link to comment
Share on other sites

It depends on your PHP version.  If less than 7.3, just change the COOKIE_PATH constants in your configure.php files.  7.3 or later, then yes, the place to change it is in start_session.php and application_top.php

I'm changing this now, so I may make it so that you can always change it in the configure.php files. 

Always back up before making changes.

Link to comment
Share on other sites

  • 3 weeks later...

I'm using PHP 7.3 and added this to the .htaccess to get my authorize.net SIM payment module to return customers to the checkout success page properly.

<IfModule mod_headers.c>
Header always edit Set-Cookie ^(.*)$ $1;SameSite=None;Secure
Link to comment
Share on other sites


This topic is now archived and is closed to further replies.

  • Create New...