DEV Community


Discussion on: Dealing with Chrome SameSite cookie attribute in Shopify Apps made with PHP/Laravel

jasperf profile image
Jasper Frumau

So for the Laravel session and XSRF Token cookies we should use SameSite="Strict at config/session.php? How would we implement this and only have this apply for these two cookies I am now getting warnings for?

cookie `host-name_staging_session` will be soon rejected because it has
 the “sameSite” attribute set to “none” or an invalid value, without the “secure” attribute. To know more about the “sameSite“ attribute, read 1748
rowan_m profile image
Rowan Merewood

I'd suggest Lax for your session cookie, not Strict.