Support SameSite cookie - Printable Version +- CodeIgniter Forums (https://forum.codeigniter.com) +-- Forum: Development (https://forum.codeigniter.com/forumdisplay.php?fid=6) +--- Forum: CodeIgniter 3.x (https://forum.codeigniter.com/forumdisplay.php?fid=17) +--- Thread: Support SameSite cookie (/showthread.php?tid=78800) |
Support SameSite cookie - nicojmb - 03-12-2021 Hi, I've a web that's run latest CI3 version, it's impossible to us upgrade to 4.X now and we need support for SameSite cookie. I think than the CI3 Developers must publish a minor version of CI3 with SameSite support asap. A lot of CI3 users need this features. Regards! RE: Support SameSite cookie - InsiteFX - 03-12-2021 You can do it yourself for the time being. Secure better your website with SameSite cookies RE: Support SameSite cookie - nicojmb - 03-17-2021 (03-12-2021, 05:56 PM)InsiteFX Wrote: You can do it yourself for the time being. Yes, i know, but is a basic feature and i think easy to implement y CI3 core. RE: Support SameSite cookie - kenjis - 03-17-2021 (03-17-2021, 09:24 AM)nicojmb Wrote: Yes, i know, but is a basic feature and i think easy to implement y CI3 core. If it is really easy, why does CI3 not have it yet? RE: Support SameSite cookie - CINewb - 03-22-2021 (03-12-2021, 05:56 PM)InsiteFX Wrote: You can do it yourself for the time being. Out of interest, what's the easiest way of doing this? So far I had to extend the built in session library class, copy the class contructor and add the samesite attribute there. I toyed around with ini_set('session.samesite', 1); but it didn't seem to work. RE: Support SameSite cookie - CINewb - 03-27-2021 Further to my comment above, I've since ditched the idea of extending the session class and have instead added the samesite cookie attribute to my core system file. I know this is terrible practice but it was less messy than extending the session class, and I'm hoping the samesite attribute is included in a future patch/version, therefore rendering my change temporary. I did this by modifying line 163 in /system/libraries/Session/Session.php from: PHP Code: setcookie( to PHP Code: setcookie( Really the samesite attribute should be configurable rather than hardcoded, and again I realise changing core system files is generally not acceptable. In our case I just want to set this attribute with as little fuss as possible, and hope for a more permanent solution in the future. Note: The above also assumes you are on PHP 7.3 or higher. |