Originally Posted by jarmilka
I am having the same problem. I am using v1.5.4 and adding the includes/extra_configures/samesite_cookie.php doesn't solve the problem. Do I have to modify includes/init_includes/init_sessions.php? I do not believe v1.5.4 is using COOKIE_SAMESITE.
The current code is:
PHP Code:
    if (PHP_VERSION >= '5.2.0') {
        session_set_cookie_params(0, $path, (zen_not_null($cookieDomain) ? $domainPrefix . $cookieDomain : ''), $secureFlag, TRUE);
    } else {
        session_set_cookie_params(0, $path, (zen_not_null($cookieDomain) ? $domainPrefix . $cookieDomain : ''), $secureFlag);
    }
You're correct; the same-site cookie requirement has been imposed in the last 6 1/2 years (zc154 was released 2016-12-31) and neither your Zen Cart version nor (most likely) the version of PHP you're running on 'understands' how to set that cookie.
Here's a code snippet that you can use to replace the above section of your init_sessions.php to bring it up-to-level while you plan your upgrade to the current Zen Cart version (zc157c at the time of this writing):
Code:
    //-bof-20200926-lat9: Setting samesite cookies
    //session_set_cookie_params(0, $path, (zen_not_null($cookieDomain) ? $domainPrefix . $cookieDomain : ''), $secureFlag, TRUE);
    // Use the configured value if defined; anything unrecognised falls back to 'lax'.
    $samesite = (defined('COOKIE_SAMESITE')) ? COOKIE_SAMESITE : 'lax';
    if (!in_array($samesite, array('lax', 'strict', 'none'))) $samesite = 'lax';
    if (PHP_VERSION_ID < 70300) {
        // PHP before 7.3 has no samesite option, so the attribute is appended to the path string.
        session_set_cookie_params(0, $path .'; samesite='.$samesite, (zen_not_null($cookieDomain) ? $domainPrefix . $cookieDomain : ''), $secureFlag, TRUE);
    } else {
        // PHP 7.3+ accepts an options array that includes 'samesite'.
        session_set_cookie_params(array(
            'lifetime' => 0,
            'path' => $path,
            'domain' => (zen_not_null($cookieDomain) ? $domainPrefix . $cookieDomain : ''),
            'secure' => $secureFlag,
            'httponly' => TRUE,
            'samesite' => $samesite
        ));
    }
    //-eof-20200926-lat9
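To confirm the change took effect, the session cookie's Set-Cookie header can be audited after the edit. The following is an added example, not part of the original posts or of Zen Cart: the header values are constructed samples (cookie name, value and domain are placeholders), and it also flags SameSite=None sent without Secure, a combination current browsers reject and which the snippet above does not guard against.

```python
# Added example: audit a Set-Cookie header value for the attributes the
# replacement init_sessions.php code is meant to produce.
ALLOWED_SAMESITE = {"lax", "strict", "none"}

def parse_set_cookie(value):
    """Return (cookie_name, attrs) with attribute names lower-cased."""
    parts = [p.strip() for p in value.split(";") if p.strip()]
    name = parts[0].split("=", 1)[0]
    attrs = {}
    for part in parts[1:]:
        key, _, val = part.partition("=")
        attrs[key.strip().lower()] = val.strip()
    return name, attrs

def audit(value):
    """Return (cookie_name, list_of_problems) for one Set-Cookie value."""
    name, attrs = parse_set_cookie(value)
    problems = []
    samesite = attrs.get("samesite")
    if samesite is None:
        problems.append("missing SameSite")
    elif samesite.lower() not in ALLOWED_SAMESITE:
        problems.append("invalid SameSite value: " + samesite)
    elif samesite.lower() == "none" and "secure" not in attrs:
        problems.append("SameSite=None without Secure")
    if "httponly" not in attrs:
        problems.append("missing HttpOnly")
    return name, problems

# Constructed sample headers (placeholder cookie value and domain).
SAMPLES = {
    # Shape produced by the original five-argument call: no SameSite at all.
    "original": "zenid=abc123; path=/; domain=.shop.example; secure; HttpOnly",
    # PHP < 7.3 branch: the attribute rides along inside the path string.
    "path_hack": "zenid=abc123; path=/; samesite=lax; domain=.shop.example; secure; HttpOnly",
    # PHP >= 7.3 branch: the attribute comes from the options array.
    "array_form": "zenid=abc123; path=/; domain=.shop.example; secure; HttpOnly; SameSite=lax",
    # COOKIE_SAMESITE set to 'none' on a non-SSL shop ($secureFlag false).
    "none_insecure": "zenid=abc123; path=/; HttpOnly; SameSite=none",
}

if __name__ == "__main__":
    for label, header in SAMPLES.items():
        print(label, audit(header))
```

Paste the real header value from the browser's developer tools or a `curl -I` response into `audit()` to check a live shop.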