Jump to content

Session Cookie settings samesite none


spiroue
 Share

Recommended Posts

Hi,

I have clients using a processwire site from with other applications (eg browsers in those apps) previously the site was locked down on IP ranges and login was not required. Now that is changed and login is required. One of the clients now get 500 internal server error when trying to login. I think it is related to the session cookies. This is what I've tried:

In httpd.conf:
Header always set Content-Security-Policy "frame-ancestors 'self' client1.domain.com client2.domain.com";
This I can see also see is set by looking at the headers.

Then I'm trying to set SameSite=None wich I can't get to be working, I've tried:

In .htaccess:
Header edit Set-Cookie ^(.*)$ $1;Secure;SameSite=None

In site/config.php:
ini_set('session.cookie_samesite', 'None');

and...

$config->cookieOptions = [
  'secure' => true,
  'samesite' => 'None',
]

But still cookies looks like this:
image.thumb.png.aea3e5ccdac7afc783e9976a4450578c.png
image.png.9509142f9b68022e77ee985c8106a5d9.png

Does anyone have an idea why the cookie options seems to be the same, no matter how I configure above?
And do you believe I'm on the the right path solving the issue or can it be something else?

Running an old Processwire 3.0.123-0

Thanks

Link to comment
Share on other sites

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!

Register a new account

Sign in

Already have an account? Sign in here.

Sign In Now
 Share

  • Recently Browsing   0 members

    • No registered users viewing this page.
×
×
  • Create New...