wphorlogebanden 0 Posted August 4, 2020 I am migrating our site to Phoenix. After succesfull installation I noticed a warning about using sameSite in the session cookie referring to "developper.mozilla.org/docs/Web/HTTP/Headers/Set-Cookie/SameSite: "Cookie 'ceid' will be rejected shortly because the attribute 'sameSite' is set to 'none' or an illegal value without the attribute 'secure'. On https://github.com/GoogleChromeLabs/samesite-examples/blob/master/php.md a solution is suggested for Session Cookies via session_set_cookie_params. Am I correct to assume that this solution should be in 'includes/system/segments/application/start_session.php' and/or 'admin/includes/application_top.php' ? Share this post Link to post Share on other sites
♥ecartz 724 Posted August 4, 2020 It depends on your PHP version. If less than 7.3, just change the COOKIE_PATH constants in your configure.php files. 7.3 or later, then yes, the place to change it is in start_session.php and application_top.php I'm changing this now, so I may make it so that you can always change it in the configure.php files. Always back up before making changes. Share this post Link to post Share on other sites
Guest Posted August 20, 2020 I'm using PHP 7.3 and added this to the .htaccess to get my authorize.net SIM payment module to return customers to the checkout success page properly. <IfModule mod_headers.c> Header always edit Set-Cookie ^(.*)$ $1;SameSite=None;Secure </IfModule> Share this post Link to post Share on other sites
♥ecartz 724 Posted August 20, 2020 Note that 1.0.7.7 supports sameSite cookies directly, defaulting to Lax and turning on secure when available. Always back up before making changes. Share this post Link to post Share on other sites
New 