Symfony 4 cookies, SameSite and Firefox/Chrome alert

I’m trying to set a cookie in Symfony 4.4 and PHP 7.2. I can’t find any combination of secure and SameSite that works and doesn’t throw a browser error:

The "last_client_edited" cookie will soon be rejected because its "SameSite" attribute is set to "None" or an invalid value and it does not have the "secure" attribute. To learn more about the "SameSite" attribute, see https://developer.mozilla.org/docs/Web/HTTP/Headers/Set-Cookie/SameSite.

There are some posts on SO regarding this issue, but none of the solutions fix this, so I don’t think this is a duplicate. Secure is the 6th parameter, set to true.

I’m developing on localhost with no HTTPS, so I wonder if this is part of the problem with secure.

This is my code (some default parameters will be deprecated in Symfony 5, so I set all of them):

// Arguments: name, value, expire, path, domain, secure, httpOnly, raw, sameSite
$lastClientCookie = new Cookie('last_client_edited', $client->getId(), 0, '/', null, true, true, false, "lax");
if ($lastClientCookie != null) {
    $response->headers->setCookie($lastClientCookie);
}

If I set it to null, the cookie is set without the secure flag.

How can I solve this?

Thank you.

Source: Symfony Questions
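Added example, not part of the original question: a plain-PHP check that takes the raw Set-Cookie header a response actually sends and reports whether it matches the condition named in the browser warning quoted above (SameSite set to "None" or an unrecognised value, with no Secure attribute). The helper name `auditSetCookie` and the sample headers are constructed for illustration and are not Symfony APIs or captured traffic.

```php
<?php
declare(strict_types=1);

/**
 * Parse one Set-Cookie header value and report the condition described in
 * the browser warning: SameSite is "None" or an unrecognised value while
 * the Secure attribute is absent.
 * auditSetCookie() is a hypothetical helper, not part of Symfony.
 */
function auditSetCookie(string $header): array
{
    $parts = array_map('trim', explode(';', $header));
    $name  = explode('=', (string) array_shift($parts), 2)[0]; // "name=value"

    $secure   = false;
    $sameSite = null; // null means the attribute is absent
    foreach ($parts as $attr) {
        if ($attr === '') {
            continue;
        }
        // Attribute names are case-insensitive; flags such as Secure have no value.
        [$key, $val] = array_pad(explode('=', $attr, 2), 2, '');
        $key = strtolower(trim($key));
        if ($key === 'secure') {
            $secure = true;
        } elseif ($key === 'samesite') {
            $sameSite = strtolower(trim($val));
        }
    }

    $recognised = in_array($sameSite, ['strict', 'lax'], true);
    $warns      = $sameSite !== null && !$recognised && !$secure;

    return ['name' => $name, 'secure' => $secure, 'samesite' => $sameSite, 'warns' => $warns];
}

// Constructed sample headers (not captured from a real application).
$samples = [
    'last_client_edited=42; path=/; secure; httponly; samesite=lax',
    'last_client_edited=42; path=/; httponly; samesite=none',
    'last_client_edited=42; path=/; httponly; samesite=bogus',
    'last_client_edited=42; path=/; secure; samesite=none',
];
foreach ($samples as $h) {
    $r = auditSetCookie($h);
    printf("%-5s %s\n", $r['warns'] ? 'WARN' : 'ok', $h);
}
```

Feeding it the header shown in the browser's network panel for the affected response shows whether the flagged cookie is the one built by the PHP code or a cookie of the same name set somewhere else.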
