Cookie PHPSESSID will be soon rejected because it has the “SameSite” attribute set to “None”

tecnickcom / tcexam

TCExam is a CBA (Computer-Based Assessment) system (e-exam, CBT - Computer Based Testing) for universities, schools and companies, that enables educators and trainers to author, schedule, deliver, and report on surveys, quizzes, tests and exams.

http://www.tcexam.org

Other

570 stars 402 forks source link

Cookie PHPSESSID will be soon rejected because it has the “SameSite” attribute set to “None” #392

Closed AmritasyaPutra closed 11 months ago

AmritasyaPutra commented 3 years ago

I get the following warning on Firefox:

Cookie “PHPSESSID” will be soon rejected because it has the “SameSite” attribute set to “None” or an invalid value, without the “secure” attribute.

I think this should be fixed for the next iteration.

AmritasyaPutra commented 3 years ago

PHP 7.3 above allows setting this in setcookie call. I fixed through my .htaccess file. There is a way to do this in php.ini also. But I think htaccess and php.ini are too broad, this should be fixed at application level. Many users will be running without secure option.

nicolaasuni commented 11 months ago

This was solved in the 16.1.0 version. More cookie options were added: https://github.com/tecnickcom/tcexam/commit/9c63df784e126ccac323ca65c4e0ace9c2b83fd5