cakePHP set Cookies for SameSite Attribute. But I can't find it in the Code/track it down

Question

I'm still becoming a developer. First of all I can't show any code related to this problem because I'm not allowed to do so...

With the new cookie policy from Chrome (and others) the SameSite attribute must be set to None.

My problem is, that I can't find any code where the cookies are set. It comes from a server. I searched the git repositories of the company I'm currently at. I searched the internet for every solution possible. The problem is finding the right place to put it in. The code is written in php which I haven't learned so far.

The said cookie comes from another website and I unable track it down.

Answer 1

I have managed to hack this using the following in CakePHP 3.8.13 and PHP 7.2

    $this->Cookie->setConfig([
        'path' =>  '/; SameSite=Lax',
        'expires' => '+180 days',
        'httpOnly' => \FALSE
    ]);

Answer 2

I am using cakephp 1.3. I need backend cookie at front-end that is not same domain. As of other solution not worked then I use my code. I created new cookie after login. Then, on front-end I used this cookie as backend login check and done my stuf.

header("Set-Cookie: admin_login= ".$_SESSION['Auth']['User']['id']."; path=/; ".$_SERVER['HTTP_HOST']."; HttpOnly; SameSite=None; Secure");

Answer 3

Cake 3.5.8

In your config/app.php add the following lines into the Session['ini'] section:

'Session' => [
        'ini' => [
           'session.cookie_samesite' => 'None',
           'session.cookie_secure' => true
       ]
],