I hope somebody can give me some ideas about my problem. I am trying to apply a SameSite cookie to make the session work, but it doesn't seem to work. The visited site's HTML:
<iframe src="https://www.example.com/test/iframe.php"></iframe>
Iframe source site:
<?php
header('Set-Cookie: cross-site-cookie=PHPSESSID; SameSite=None; Secure');
session_start();
if (!isset($_SESSION['test'])) {
    echo 1;
    $_SESSION['test'] = 'ee2';
} else {
    echo $_SESSION['test'];
}
If I visit the website, I still receive the message "A cookie associated with a cross-site resource at https://www.example.com/ was set without the SameSite attribute. It has been blocked, as Chrome now only delivers cookies with cross-site requests if they are set with SameSite=None and Secure." in the browser console, and the session is not saved.
The strange thing is that the cookie has actually been set:
Am I missing something? Why do I get this message in the console if cross-site-cookie is set, and what could be the reasons for the session not working? I am using PHP 7.1.33. If I open the iframe directly, it works, and it also works properly if I open the site with a browser where I haven't enabled the "SameSite by default cookies" flag for testing.
I resolved it by editing .htaccess:
<ifmodule mod_headers.c>
Header always edit Set-Cookie ^(.*)$ $1;SameSite=None;Secure
</ifmodule>
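Added example (not part of the original question or answer): a small Python audit of the Set-Cookie headers a page like iframe.php returns, showing which cookie a cross-site iframe request would lose and what the Header edit rule above changes. The sample headers and the session id are constructed; it assumes session_start() emits PHP's default session cookie (PHPSESSID, path=/) next to the hand-written header.

```python
import re

# Constructed sample: header() creates a cookie literally named
# "cross-site-cookie"; session_start() then adds PHP's own session cookie
# with default attributes (assumption: default session settings).
SAMPLE_HEADERS = [
    "cross-site-cookie=PHPSESSID; SameSite=None; Secure",
    "PHPSESSID=0123456789abcdef0123456789; path=/",  # constructed session id
]

def parse_set_cookie(value):
    """Return (name, attrs); attrs maps lower-cased attribute names to values."""
    first, *rest = [part.strip() for part in value.split(";")]
    name = first.split("=", 1)[0]
    attrs = {}
    for part in rest:
        if part:
            key, _, val = part.partition("=")
            attrs[key.strip().lower()] = val.strip()
    return name, attrs

def cross_site_verdict(value):
    """Classify one Set-Cookie value for use inside a cross-site iframe."""
    name, attrs = parse_set_cookie(value)
    samesite = attrs.get("samesite", "").lower()
    if samesite == "":
        return name, "blocked: no SameSite attribute (treated as Lax)"
    if samesite != "none":
        return name, "blocked: SameSite=" + attrs["samesite"]
    if "secure" not in attrs:
        return name, "rejected: SameSite=None without Secure"
    return name, "sent"

def apache_edit(value):
    """Mimic: Header always edit Set-Cookie ^(.*)$ $1;SameSite=None;Secure"""
    return re.sub(r"^(.*)$", r"\1;SameSite=None;Secure", value, count=1)

def audit(headers):
    """Map cookie name -> verdict for a list of Set-Cookie header values."""
    return dict(cross_site_verdict(h) for h in headers)

if __name__ == "__main__":
    print("before:", audit(SAMPLE_HEADERS))
    print("after: ", audit([apache_edit(h) for h in SAMPLE_HEADERS]))
```

The rule appends the attributes to every cookie, so a cookie that already carries SameSite ends up with the attribute twice; check the rewritten headers in the browser's network panel after deploying it.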