DEV Community

loading...

Discussion on: Dealing with Chrome SameSite cookie attribute in Shopify Apps made with PHP/Laravel

Collapse
jasperf profile image
Jasper Frumau

So for the Laravel session and XSRF Token cookies we should use SameSite="Strict at config/session.php? How would we implement this and only have this apply for these two cookies I am now getting warnings for?

cookie `host-name_staging_session` will be soon rejected because it has
 the “sameSite” attribute set to “none” or an invalid value, without the “secure” attribute. To know more about the “sameSite“ attribute, read
 https://developer.mozilla.org/docs/Web/HTTP/Headers/Set-Cookie/SameSite 1748
Collapse
rowan_m profile image
Rowan Merewood

I'd suggest Lax for your session cookie, not Strict.