- Open on Drupal.org βEnvironment: PHP 8.1 & MySQL 5.7last update
about 1 year ago Not currently mergeable. - Open on Drupal.org βEnvironment: PHP 8.1 & MySQL 5.7last update
about 1 year ago Not currently mergeable. - Open on Drupal.org βEnvironment: PHP 8.1 & MySQL 5.7last update
about 1 year ago Not currently mergeable. - Open on Drupal.org βEnvironment: PHP 8.1 & MySQL 5.7last update
about 1 year ago Not currently mergeable. - Open on Drupal.org βEnvironment: PHP 8.1 & MySQL 5.7last update
about 1 year ago Not currently mergeable. - Open on Drupal.org βEnvironment: PHP 8.1 & MySQL 5.7last update
about 1 year ago Not currently mergeable. - Open on Drupal.org βEnvironment: PHP 8.1 & MySQL 5.7last update
about 1 year ago Not currently mergeable. - πΈπ°Slovakia poker10
MR is not mergeable anymore, as there were recent changes in
drupal_setcookie()
function. - last update
about 1 year ago 2,149 pass - Status changed to RTBC
about 1 year ago 8:50pm 28 April 2023 - last update
about 1 year ago 2,149 pass - Status changed to Needs review
about 1 year ago 5:18pm 1 May 2023 - πΈπ°Slovakia poker10
Thanks for working on this. I have tested this on PHP 8.1 and if I set
$conf['https'] = TRUE;
,$conf['samesite_cookie_value'] = 'None';
and login via HTTPS, my Chrome browser still complains about the insecure session cookie with SameSite attribute. Does this problem really affect only PHP versions earlier than 7.3?Cookies with SameSite attribute are tested heavily in
SessionTestCase
and I think we should add a test for this - just to check if the SameSite attribute is present only in the secure cookie. See the uploaded test-only patch. I have not tested that patch on all PHP/SSL combinations. - last update
about 1 year ago 2,149 pass - Status changed to Needs work
about 1 year ago 9:37pm 12 June 2023 - πΈπ°Slovakia poker10
I have added this issue to the list of potential candidates for the next release - but we need to verify the point raised in #7 and add a test, so that we can compare test-only and regular patch results to see PHP versions affected by this (and confirm that the patch is correct). Thanks!