[5.8] SameSite=None support #31260

Closed
DokterExpivi opened this issue Jan 28, 2020 · 5 comments

@DokterExpivi

  • Laravel Version: 5.8

Description:
Google is introducing a new Chrome policy, marking all cookies without a SameSite flag as 'strict' by default. If you want to allow third-party cookies, you must set the SameSite flag to 'none'.

For cookie-related logic Laravel uses symfony/http-foundation, and they have already released support for it. There is no mention of it in the Laravel configuration, but config/session.php says that only 'strict' and 'lax' are supported, where we need 'none'.

Symfony Ticket: symfony/symfony#31475

Can we set it to 'none' regardless, or if not possible, when is this expected to be possible? This problem has been known for a while, and it is only a few days until Chrome enforces it.

@driesvints
Member

Hey there,

Unfortunately we don't support this version anymore. Please check out our support policy on which versions we are currently supporting. Can you please try to upgrade to the latest version and see if your problem persists? We'll help you out and re-open this issue if so.

Thanks!

@DokterExpivi
Author

Fortunately, I found out that setting this setting to none is perfectly valid.

@WajahatAnwar

> Fortunately, I found out that setting this setting to none is perfectly valid.

Your issue is resolved? With which version?

@paoloramos

Had the same problem. Change the following lines to:

'secure' => env('SESSION_SECURE_COOKIE', true),
'same_site' => 'none',

in config/session.php

@jeff-h

jeff-h commented Oct 26, 2020

If you change same_site to something other than null I'd definitely advise testing your work in Safari 12.x if that's relevant to you, as it has a related bug on both macOS and iOS (See Fyrd/caniuse#4813).
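
The Safari 12 caveat above, combined with the `secure` / `same_site` settings from the earlier comment, as an added example that is not part of this thread or of Laravel's code: it chooses cookie options per request, sending `SameSite=None` only over HTTPS and omitting the attribute for Safari on macOS 10.14 and browsers on iOS 12, which treat `SameSite=None` as `Strict`. The function names are hypothetical, the User-Agent strings are constructed, and the patterns are adapted from Chromium's published list of incompatible clients, limited here to the Safari 12 case.

```php
<?php
// Added example; function names are hypothetical, not Laravel or Symfony APIs.

/** True for clients that mishandle SameSite=None (Safari 12-era WebKit). */
function mishandlesSameSiteNone(string $ua): bool
{
    // Every browser on iOS 12 uses the affected system WebKit.
    if (preg_match('/\(iP.+; CPU .*OS (\d+)[_\d]*.*\) AppleWebKit\//', $ua, $m)) {
        return (int) $m[1] === 12;
    }
    // Safari (not Chrome/Chromium) on macOS 10.14.
    if (preg_match('/\(Macintosh;.*Mac OS X (\d+)_(\d+)[_\d]*.*\) AppleWebKit\//', $ua, $m)
        && (int) $m[1] === 10 && (int) $m[2] === 14) {
        return preg_match('/Version\/.* Safari\//', $ua) === 1
            && preg_match('/Chrom(e|ium)/', $ua) === 0;
    }
    return false;
}

/** Options for setcookie() (PHP 7.3+ array form) for a cross-site cookie. */
function crossSiteCookieOptions(string $ua, bool $https): array
{
    $opts = ['path' => '/', 'httponly' => true, 'secure' => $https];
    if (!$https) {
        // Browsers reject SameSite=None without Secure, so never emit it over HTTP.
        return $opts;
    }
    if (!mishandlesSameSiteNone($ua)) {
        $opts['samesite'] = 'None';
    }
    // Affected clients get no SameSite attribute (the same_site => null case).
    return $opts;
}

// Constructed User-Agent strings for illustration.
$samples = [
    'chrome80'    => 'Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/80.0.3987.87 Safari/537.36',
    'ios12'       => 'Mozilla/5.0 (iPhone; CPU iPhone OS 12_4 like Mac OS X) AppleWebKit/605.1.15 (KHTML, like Gecko) Version/12.1.2 Mobile/15E148 Safari/604.1',
    'safari12mac' => 'Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_6) AppleWebKit/605.1.15 (KHTML, like Gecko) Version/12.1.2 Safari/605.1.15',
];
foreach ($samples as $name => $ua) {
    $o = crossSiteCookieOptions($ua, true);
    printf("%-12s samesite=%s secure=%s\n", $name,
        $o['samesite'] ?? '(omitted)', $o['secure'] ? 'yes' : 'no');
}
```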
