Hit a bit of a problem I can't seem to solve or find a answer through googling or trawling through the trouble shooting guide/ forum topics.
I hope it's just something simple that I am just missing it!
I have been running Wampserver for few years as a local host while I develop my php skills to write a php website using dreamweaver (I class myself as a newbie always willing to learn). I Have been doing it piecemeal for about 2 years and Wamp has been great as a local host. Things were going great when I last worked at it in April this year and then for various reason had to stop.
I picked up the project again about two weeks ago and suddenly found when i opened my development site in Chrome, Edge, and Opera it would not work properly. But it worked OK in Firefox and the old internet explorer.
Looking at the DevTools 'Issues' I could see they first three had issues with the php session cookies - a samesite / secure issue.
'
'Indicate whether a cookie is intended to be set in a cross-site context by specifying its SameSite attribute
Because a cookie's SameSite attribute was not set or is invalid, it defaults to SameSite=Lax, which prevents the cookie from being set in a cross-site context. This behavior protects user data from accidentally leaking to third parties and cross-site request forgery.
Resolve this issue by updating the attributes of the cookie:
Specify SameSite=None and Secure if the cookie is intended to be set in cross-site contexts. Note that only cookies sent over HTTPS may use the Secure attribute.
Specify SameSite=Strict or SameSite=Lax if the cookie should not be set by cross-site requests'
Firefox and internet explorer were happy not to have samesite undefined and not secure.
Looking in the tmp folder I could see the cookies were being produced (or at least they were going into the tmp folder) but were just not being retained and were being blocked by Chrome, Edge and Opera.
I did a bit of googling and dived into the php.ini file (the correct one) and started playing with values in :
session.cookie_secure
and
session.cookie_samesite
I found that I could change the cookie properties that Firefox was seeing to secure by just changing
session.cookie_secure to 1 or On
I thought I had solved it, HOWEVER in Chrome, Edge and Opera the session cookie was still not being saved, it was being produced as they were still appearing in the tmp folder but were not visible in the local host cookies in the application section of the DevTools. WORSE in a way was that there are NO issues being flagged. The cookies are just not being retained / kept / made.
I understand from reading that Browser have increased their security round samesite cookies since April and I must have missed something or constructed my site so it has become an issue. I can't seem to find any reference to anybody else having this issue!
I have tinkered with various other settings in php.ini . including setting 'session.cookie_samesite = "None", to no avail, I have upgraded my WampServer to 3.2.3 (big mistake as though I backed up the website I forgot about the tables in the MSQL database and lost them and had to reconstruct them!) and tried various php version from 7.2.33 to 7.3.21 to 7.4.9 with no success
I was hoping someone could give me a pointer /link on where to look for a solution as I am getting a bit frustrated :) ?
I hope it's just something simple that I am just missing it!
I have been running Wampserver for few years as a local host while I develop my php skills to write a php website using dreamweaver (I class myself as a newbie always willing to learn). I Have been doing it piecemeal for about 2 years and Wamp has been great as a local host. Things were going great when I last worked at it in April this year and then for various reason had to stop.
I picked up the project again about two weeks ago and suddenly found when i opened my development site in Chrome, Edge, and Opera it would not work properly. But it worked OK in Firefox and the old internet explorer.
Looking at the DevTools 'Issues' I could see they first three had issues with the php session cookies - a samesite / secure issue.
'
'Indicate whether a cookie is intended to be set in a cross-site context by specifying its SameSite attribute
Because a cookie's SameSite attribute was not set or is invalid, it defaults to SameSite=Lax, which prevents the cookie from being set in a cross-site context. This behavior protects user data from accidentally leaking to third parties and cross-site request forgery.
Resolve this issue by updating the attributes of the cookie:
Specify SameSite=None and Secure if the cookie is intended to be set in cross-site contexts. Note that only cookies sent over HTTPS may use the Secure attribute.
Specify SameSite=Strict or SameSite=Lax if the cookie should not be set by cross-site requests'
Firefox and internet explorer were happy not to have samesite undefined and not secure.
Looking in the tmp folder I could see the cookies were being produced (or at least they were going into the tmp folder) but were just not being retained and were being blocked by Chrome, Edge and Opera.
I did a bit of googling and dived into the php.ini file (the correct one) and started playing with values in :
session.cookie_secure
and
session.cookie_samesite
I found that I could change the cookie properties that Firefox was seeing to secure by just changing
session.cookie_secure to 1 or On
I thought I had solved it, HOWEVER in Chrome, Edge and Opera the session cookie was still not being saved, it was being produced as they were still appearing in the tmp folder but were not visible in the local host cookies in the application section of the DevTools. WORSE in a way was that there are NO issues being flagged. The cookies are just not being retained / kept / made.
I understand from reading that Browser have increased their security round samesite cookies since April and I must have missed something or constructed my site so it has become an issue. I can't seem to find any reference to anybody else having this issue!
I have tinkered with various other settings in php.ini . including setting 'session.cookie_samesite = "None", to no avail, I have upgraded my WampServer to 3.2.3 (big mistake as though I backed up the website I forgot about the tables in the MSQL database and lost them and had to reconstruct them!) and tried various php version from 7.2.33 to 7.3.21 to 7.4.9 with no success
I was hoping someone could give me a pointer /link on where to look for a solution as I am getting a bit frustrated :) ?