- Merge request !2317Fix older PHP versions setting SameSite attribute on insecure session cookie → (Open) created by darren oh
- Open on Drupal.org →Environment: PHP 8.1 & MySQL 5.7last update
over 1 year ago Not currently mergeable. - Open on Drupal.org →Environment: PHP 8.1 & MySQL 5.7last update
over 1 year ago Not currently mergeable. - Open on Drupal.org →Environment: PHP 8.1 & MySQL 5.7last update
over 1 year ago Not currently mergeable. - Open on Drupal.org →Environment: PHP 8.1 & MySQL 5.7last update
over 1 year ago Not currently mergeable. - Open on Drupal.org →Environment: PHP 8.1 & MySQL 5.7last update
over 1 year ago Not currently mergeable. - Open on Drupal.org →Environment: PHP 8.1 & MySQL 5.7last update
over 1 year ago Not currently mergeable. - Open on Drupal.org →Environment: PHP 8.1 & MySQL 5.7last update
over 1 year ago Not currently mergeable. - 🇸🇰Slovakia poker10
MR is not mergeable anymore, as there were recent changes in
drupal_setcookie()function. - last update
over 1 year ago 2,149 pass - Status changed to RTBC
over 1 year ago 8:50pm 28 April 2023 - last update
over 1 year ago 2,149 pass - Status changed to Needs review
over 1 year ago 5:18pm 1 May 2023 - 🇸🇰Slovakia poker10
Thanks for working on this. I have tested this on PHP 8.1 and if I set
$conf['https'] = TRUE;,$conf['samesite_cookie_value'] = 'None';and login via HTTPS, my Chrome browser still complains about the insecure session cookie with SameSite attribute. Does this problem really affect only PHP versions earlier than 7.3?Cookies with SameSite attribute are tested heavily in
SessionTestCaseand I think we should add a test for this - just to check if the SameSite attribute is present only in the secure cookie. See the uploaded test-only patch. I have not tested that patch on all PHP/SSL combinations. - last update
over 1 year ago 2,149 pass - Status changed to Needs work
over 1 year ago 9:37pm 12 June 2023 - 🇸🇰Slovakia poker10
I have added this issue to the list of potential candidates for the next release - but we need to verify the point raised in #7 and add a test, so that we can compare test-only and regular patch results to see PHP versions affected by this (and confirm that the patch is correct). Thanks!