CakePHP set Cookies for SameSite Attribute. But I can't find it in the Code/track it down

3

1

I'm still becoming a developer. First of all I can't show any code related to this problem because I'm not allowed to do so...

With the new cookie policy from Chrome (and others) the SameSite attribute must be set to None.

My problem is that I can't find any code where the cookies are set. It comes from a server. I searched the git repositories of the company I'm currently at. I searched the internet for every solution possible. The problem is finding the right place to put it in. The code is written in PHP, which I haven't learned so far.

The said cookie comes from another website and I am unable to track it down.

Attorn answered 6/12, 2019 at 14:55 Comment(4)
What version of CakePHP are you using? CakePHP 2 has Session Cookies defined in App/Config/core.php. – Handsome
I'd suggest taking a look at web.dev/samesite-cookies-explained. You should set a SameSite value for your cookies, but SameSite=None; Secure is only required if you need cookies available in a third-party / cross-site context. If the cookies are only intended for visitors on your site, you should be looking at SameSite=Lax or SameSite=Strict. – Harvell
Well, the code is really weird (not mine, obviously). So there is no folder containing the cookie creation. And I get the warning on the site with the 'SameSite' attribute. It seems that the server ('cdn') is sending it to the website and the error occurs. – Attorn
"It seems that the server ('cdn') is sending it to the website" - what does this mean? Maybe you should back up a bit - how do you know your site sets cookies? What CDN are you referring to? PHP uses setcookie() to set cookies, so if you grep your sources for that you will find wherever CakePHP does that. – Michey
4

Cake 3.5.8

In your config/app.php add the following lines into the Session['ini'] section:

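    'Session' => [
        'ini' => [
            // Allow the session cookie to be sent in cross-site requests
            'session.cookie_samesite' => 'None',
            // Browsers only accept SameSite=None on cookies marked Secure
            'session.cookie_secure' => true,
        ],
    ],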
Scuba answered 11/3, 2020 at 13:19 Comment(1)
Perfect! Just be sure to always use httpS after that: https://mcmap.net/q/122150/-cakephp-and-https-redirects – Jackquelinejackrabbit
0

I am using CakePHP 1.3. I need the backend cookie on a front end that is not on the same domain. As the other solutions did not work, I used my own code. I created a new cookie after login. Then, on the front end, I used this cookie as the backend login check and did my stuff.

    // Set after login; SameSite=None plus Secure lets the cross-domain front end receive the cookie
    header("Set-Cookie: admin_login=".$_SESSION['Auth']['User']['id']."; path=/; ".$_SERVER['HTTP_HOST']."; HttpOnly; SameSite=None; Secure");
Doroteya answered 19/8, 2020 at 6:16 Comment(0)
0

I have managed to hack this using the following in CakePHP 3.8.13 and PHP 7.2

    $this->Cookie->setConfig([
        // SameSite is appended via 'path', which ends up verbatim in the Set-Cookie header
        'path' => '/; SameSite=Lax',
        'expires' => '+180 days',
        'httpOnly' => false
    ]);
Imminent answered 14/7, 2022 at 11:21 Comment(0)
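
As an added example (not code from any of the answers above, and not part of CakePHP): a plain-PHP helper that sets the attribute explicitly instead of hand-writing the whole header or appending it to the path. It uses the setcookie() options array, which accepts samesite from PHP 7.3, and builds the header itself on older versions. The name send_samesite_cookie() and its defaults are assumptions, and the value passed in is assumed to be an opaque token the server verifies, not a bare user id.

```php
<?php
// Added example; send_samesite_cookie() is a hypothetical helper name.
function send_samesite_cookie($name, $value, array $opts = [])
{
    $opts += [
        'expires' => 0, 'path' => '/', 'domain' => '',   // host-only session cookie
        'secure' => true, 'httponly' => true, 'samesite' => 'Lax',
    ];
    $sameSite = ucfirst(strtolower($opts['samesite']));
    if (!in_array($sameSite, ['Strict', 'Lax', 'None'], true)) {
        throw new InvalidArgumentException('samesite must be Strict, Lax or None');
    }
    // Browsers reject SameSite=None on a cookie that is not also Secure.
    if ($sameSite === 'None' && !$opts['secure']) {
        throw new InvalidArgumentException('SameSite=None requires Secure');
    }
    $opts['samesite'] = $sameSite;

    if (PHP_VERSION_ID >= 70300) {
        // PHP 7.3+ takes the attributes, including samesite, as an options array.
        return setcookie($name, $value, $opts);
    }

    // Older PHP: write the header by hand. Refuse anything that could inject
    // extra attributes or headers through the name, path or domain.
    if (headers_sent()
        || $name === '' || strpbrk($name, "=,; \t\r\n\013\014") !== false
        || strpbrk($opts['path'] . $opts['domain'], ";\r\n") !== false) {
        return false;
    }
    $header = 'Set-Cookie: ' . $name . '=' . rawurlencode($value);
    if ($opts['expires'] > 0) {
        $header .= '; Expires=' . gmdate('D, d M Y H:i:s', $opts['expires']) . ' GMT';
    }
    $header .= '; Path=' . $opts['path'];
    if ($opts['domain'] !== '') {
        $header .= '; Domain=' . $opts['domain'];
    }
    if ($opts['secure']) {
        $header .= '; Secure';
    }
    if ($opts['httponly']) {
        $header .= '; HttpOnly';
    }
    $header .= '; SameSite=' . $sameSite;
    header($header, false); // false: keep other Set-Cookie headers
    return true;
}
```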