SameSite=None; Secure Cookie Settings

Discuss general development subjects that are not specific to a particular version like the versioning control system we use or other infrastructure.
Post Reply
janus
Registered User
Posts: 28
Joined: Thu Nov 26, 2015 1:06 pm

SameSite=None; Secure Cookie Settings

Post by janus »

Any plans to make phpbb ready for SameSite=None; Secure Cookie Settings?
https://www.smarthostingplans.com/uncat ... -settings/

I understand the only thing to change is:
Open: [ROOT]/phpbb/session.php
Find

Code: Select all

header('Set-Cookie: ' . $name_data . (($cookietime) ? '; expires=' . $expire : '') . '; path=' . $config['cookie_path'] . $domain . ((!$config['cookie_secure']) ? '' : '; secure') . ';' . (($httponly) ? ' HttpOnly' : ''), false);
Replace with

Code: Select all

header('Set-Cookie: ' . $name_data . (($cookietime) ? '; expires=' . $expire : '') . '; path=' . $config['cookie_path'] . $domain . ((!$config['cookie_secure']) ? '' : '; secure') . ';' . (($httponly) ? ' HttpOnly' : '') . '; SameSite=Strict', false);
User avatar
3Di
Registered User
Posts: 883
Joined: Tue Nov 01, 2005 9:50 pm
Location: Milano 🇮🇹 Frankfurt 🇩🇪
Contact:

Re: SameSite=None; Secure Cookie Settings

Post by 3Di »

At a first glance that hack is wrongly coded IMO.
Moreover, there will be a bit more to do in case it gets implemented, you could open a ticket and let someone take care of it eventually.
🆓 Free support for our extensions also provided here: phpBB Studio
🚀 Looking for a specific feature or alternative option? We will rock you!
Please PM me only to request paid works. Thx. Want to compensate me for my interest? Donate
My development's activity º PhpStorm's proud user º Extensions, Scripts, MOD porting, Update/Upgrades
Post Reply