I have the following code where I set cookies normally. It was working fine until the new SameSite update from Chrome. It stopped working. I've added the SameSite as you can see, but a few users who use Chrome on Android are having issues logging in. I did some logging to try and figure out why users couldn't log in, and it seems like some users who use older versions of Android and Chrome are unable to log in because the following code apparently doesn't work for them.
$expire = time() + 4 * 7 * 24 * 60 * 60; // Making the cookie live for 4 weeks
$en_string = "some string";
setcookie("username", $en_string, $expire, "/; SameSite=None; Secure");
setcookie("login_key", "1", $expire, "/; SameSite=None; Secure");
I am running PHP5 5.6.30 on Apache and CentOS. Any help on what I should change? The response from apache_response_headers() is:
Array
(
[X-Powered-By] => PHP/5.6.32
[Accept] => application/json
[Set-Cookie] => username=some string; expires=Fri, 13-Nov-2020 05:20:25 GMT; Max-Age=2419200; path=/;samesite=strict
[Expires] => Thu, 19 Nov 1981 08:52:00 GMT
[Cache-Control] => no-store, no-cache, must-revalidate, post-check=0, pre-check=0
[Pragma] => no-cache
)
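An added example, not part of the original post or its answers: on PHP older than 7.3, where setcookie() has no SameSite option, the Set-Cookie header can be built explicitly and SameSite=None left out for Chrome 51 to 66, which reject cookies carrying it. The function names and User-Agent samples are constructed, and treating those Chrome versions as the failing clients is an assumption.

```php
<?php
// Added example, PHP 5.6 compatible. Function names are hypothetical.

// Chrome/Chromium 51-66 reject any cookie that carries SameSite=None.
// Only that client family is handled here (assumed to be the failing one).
function rejects_samesite_none($userAgent)
{
    if (preg_match('#Chrom(?:e|ium)/(\d+)\.#', $userAgent, $m)) {
        $major = (int) $m[1];
        return $major >= 51 && $major <= 66;
    }
    return false;
}

// Build one Set-Cookie line; SameSite=None is omitted for clients that reject it.
function build_set_cookie($name, $value, $expire, $userAgent)
{
    if (preg_match('/[=,;\s]/', $name)) {
        throw new InvalidArgumentException('invalid cookie name');
    }
    $parts = array(
        $name . '=' . rawurlencode($value),
        'Expires=' . gmdate('D, d M Y H:i:s', $expire) . ' GMT',
        'Max-Age=' . max(0, $expire - time()),
        'Path=/',
        'Secure',
    );
    if (!rejects_samesite_none($userAgent)) {
        $parts[] = 'SameSite=None';
    }
    return 'Set-Cookie: ' . implode('; ', $parts);
}

$expire = time() + 4 * 7 * 24 * 60 * 60; // 4 weeks, as in the question

// Constructed User-Agent samples so the script runs offline from the CLI.
$samples = array(
    'Mozilla/5.0 (Linux; Android 7.0) AppleWebKit/537.36 Chrome/60.0.3112.116 Mobile Safari/537.36',
    'Mozilla/5.0 (Linux; Android 10) AppleWebKit/537.36 Chrome/86.0.4240.110 Mobile Safari/537.36',
);
foreach ($samples as $ua) {
    echo build_set_cookie('login_key', '1', $expire, $ua), "\n";
}

// In a request handler, pass false as the second argument so this header is
// appended rather than replacing an earlier Set-Cookie header:
// header(build_set_cookie('username', $en_string, $expire, $_SERVER['HTTP_USER_AGENT']), false);
```

The first sample prints a header without SameSite, the second one with SameSite=None; comparing that output with apache_response_headers() shows whether something else in the request is rewriting the cookie.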
2 Answers
I've seen the same problem in PHP 5.7.4. The one difference I see is that when the first routine I call uses setcookie, it works. Then I include another file and do another setcookie and it fails. If I make sure all the cookies get set in the same routine, that's a workaround. But this is clearly a fairly deep bug somewhere.
Please check if you have, and where in your code, usages of the session_start() and/or header() functions. They might invoke an issue around cookies. Also see these answers:
NB! Cookies might be disabled in your mobile browser.
To enable it (for example in Chrome):