CodeIgniter Forums
ci_session cookie rejection warning - Printable Version


ci_session cookie rejection warning - Jan Zelenka - 05-29-2020

Hi!
I have noticed Firefox giving the following warning in the console:

Cookie “ci_session” will be soon rejected because it has the “sameSite” attribute set to “none” or an invalid value, without the “secure” attribute. To know more about the “sameSite“ attribute, read https://developer.mozilla.org/docs/Web/HTTP/Cookies

Anything I can fix as a user?


RE: ci_session cookie rejection warning - mjamilasfihani - 06-01-2020

Same with me


RE: ci_session cookie rejection warning - freelanceBanik - 06-01-2020

I am also getting a warning in the Firefox console that

"Cookie “ci_session” will be soon rejected because it has the “sameSite” attribute set to “none” or an invalid value, without the “secure” attribute. To know more about the “sameSite“ attribute, read https://developer.mozilla.org/docs/Web/HTTP/Cookies".

My JavaScript has stopped working since I started getting this notice.


RE: ci_session cookie rejection warning - dave friend - 06-01-2020

In the file app/Config/App.php you will need to use

PHP Code:
public $cookieSecure = true;

And you will also need to implement SSL certificates and use https


RE: ci_session cookie rejection warning - Jan Zelenka - 06-02-2020

Thanks a lot, that was indeed the solution!


RE: ci_session cookie rejection warning - sg007 - 09-26-2020

(06-01-2020, 07:38 AM)dave friend Wrote: In the file app/Config/App.php you will need to use

PHP Code:
public $cookieSecure = true;

And you will also need to implement SSL certificates and use https

Dear,
I didn't find App.php in the Config folder... Can you please tell me the reason?
Thanks


RE: ci_session cookie rejection warning - InsiteFX - 09-26-2020

Also make sure that this has not been changed in Config/app.php

PHP Code:
public $cookieSameSite = 'Lax';



RE: ci_session cookie rejection warning - mneucollins - 05-18-2021

Hi, I know this is the CodeIgniter 4 forum, but I am maintaining a legacy CI3 system and wondered if anybody here knows if there is a solution to the Firefox cookie rejection message for CI3. Thanks.


RE: ci_session cookie rejection warning - InsiteFX - 05-18-2021

For CI 3, no, there is not a solution at this time.


RE: ci_session cookie rejection warning - paulkd - 05-19-2021

Hi,

Use at your own risk

system\libraries\Session\Session.php
line ~159
Code:
// Another work-around ... PHP doesn't seem to send the session cookie
// unless it is being currently created or regenerated
elseif (isset($_COOKIE[$this->_config['cookie_name']]) && $_COOKIE[$this->_config['cookie_name']] === session_id())
{
  setcookie(
    $this->_config['cookie_name'],
    session_id(),
    [
      'expires' => (empty($this->_config['cookie_lifetime']) ? 0 : time() + $this->_config['cookie_lifetime']),
      'path' => $this->_config['cookie_path'],
      'domain' => $this->_config['cookie_domain'],
      'secure' => $this->_config['cookie_secure'],
      'httponly' => TRUE,
      'samesite' => $this->_config['cookie_samesite']
    ]
  );
}

line ~285
Code:
isset($params['cookie_path']) OR $params['cookie_path'] = config_item('cookie_path');
isset($params['cookie_domain']) OR $params['cookie_domain'] = config_item('cookie_domain');
isset($params['cookie_secure']) OR $params['cookie_secure'] = (bool) config_item('cookie_secure');
isset($params['cookie_samesite']) OR $params['cookie_samesite'] = config_item('cookie_samesite');

session_set_cookie_params([
  'lifetime' => $params['cookie_lifetime'],
  'path' => $params['cookie_path'],
  'domain' => $params['cookie_domain'],
  'secure' => $params['cookie_secure'],
  'httponly' => TRUE, // HttpOnly; Yes, this is intentional and not configurable for security reasons
  'samesite' => $params['cookie_samesite']
]);

application\config\config.php
line ~403
Code:
$config['cookie_prefix'] = '';
$config['cookie_domain'] = '';
$config['cookie_path'] = '/';
$config['cookie_secure'] = FALSE;
$config['cookie_httponly'] = FALSE;
$config['cookie_samesite'] = 'Lax';
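
An added example, not part of any post in this thread and not CodeIgniter code: a small Node.js check that parses Set-Cookie header values and flags the condition named in the Firefox warning (SameSite set to None or an invalid value, without Secure). The sample header strings, function names and finding labels are constructed for illustration.

```javascript
// Added example: audit Set-Cookie values for the condition in the Firefox warning.
const VALID_SAMESITE = new Set(['strict', 'lax', 'none']);

// Split one Set-Cookie value into the cookie name and its lower-cased attributes.
function parseSetCookie(header) {
  const [pair, ...rest] = header.split(';').map((s) => s.trim());
  const eq = pair.indexOf('=');
  const attrs = Object.create(null);
  for (const attr of rest) {
    if (attr === '') continue;
    const i = attr.indexOf('=');
    const key = (i === -1 ? attr : attr.slice(0, i)).trim().toLowerCase();
    attrs[key] = i === -1 ? '' : attr.slice(i + 1).trim();
  }
  return { name: eq === -1 ? '' : pair.slice(0, eq), attrs };
}

// Return the findings for one Set-Cookie value (labels are this example's own).
function auditCookie(header) {
  const { name, attrs } = parseSetCookie(header);
  const findings = [];
  const secure = 'secure' in attrs;
  if ('samesite' in attrs) {
    const v = attrs.samesite.toLowerCase();
    // The warning quoted in the thread: None or an invalid value, without Secure.
    if ((v === 'none' || !VALID_SAMESITE.has(v)) && !secure) {
      findings.push('samesite-none-or-invalid-without-secure');
    }
  } else {
    findings.push('samesite-missing');
  }
  if (!secure) findings.push('secure-missing');
  if (!('httponly' in attrs)) findings.push('httponly-missing');
  return { name, findings };
}

// Names of the cookies that match the warning condition.
function warnedCookies(headers) {
  return headers.map(auditCookie)
    .filter((r) => r.findings.includes('samesite-none-or-invalid-without-secure'))
    .map((r) => r.name);
}

// Constructed sample headers (not captured from a real application).
const SAMPLE_HEADERS = [
  'ci_session=abc123; path=/; HttpOnly; SameSite=None',
  'ci_session=abc123; path=/; secure; HttpOnly; SameSite=Lax',
  'prefs=dark; path=/; SameSite=bogus',
];
for (const h of SAMPLE_HEADERS) console.log(auditCookie(h));
```

Feed it the Set-Cookie values copied from the browser's network panel or from `curl -I` output to confirm that a configuration change actually reached the response.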