Open mertdogan opened 11 months ago
I had a similiar (maybe same) issue with the session cookies not being set, being samesite none and secure none on a localhost with self-signed ssl cert. Even on localhost the browsers did not like that. Chrome did not set the cookie at all and Safari made it samesite lax. Now it works when I use mkcert in my docker dev environment and on my mac host, so I have a valid cert everywhere. And cookie secure set to true.
I don't think it's an issue, I couldn't replicate it (see the aforementioned discussion).
I don't think it's an issue, I couldn't replicate it (see the aforementioned discussion).
No, not an CI issue. It is just a matter of many browsers not accepting cookies with samesite none combined with non-secure (http or https self-signed cert). A configuration issue.
@mertdogan check your log files -> you should have errors with this configuration: https://github.com/bcit-ci/CodeIgniter/blob/3.1-stable/system/libraries/Session/Session.php#L183
also, take a look at this article: https://web.dev/articles/samesite-cookies-explained#samesitenone_must_be_secure
in short: a session with SameSite=None without the Secure parameter will not be saved in the browser's cookie jar, so your session will be new with every page refresh
Discussed in https://github.com/bcit-ci/CodeIgniter/discussions/6247
my php version is 7.1.19 on IIS and using database driver for session. This is my config setting: