How to fix “set SameSite cookie to none” warning?

生来不讨喜 2020-12-04 21:15

I created a Chrome extension and from popup.js I called a PHP script (using XMLHttpRequest) that reads the cookie. Like this:

$cookie_name = "mycookie";

if(is         


        
7 Answers
  •  时光取名叫无心
    2020-12-04 21:39

    I'm also in a "trial and error" for that, but this answer from Google Chrome Labs' GitHub helped me a little. I defined it into my main file and it worked - well, for only one third-party domain. Still making tests, but I'm eager to update this answer with a better solution :)

    EDIT: I'm using PHP 7.4 now, and this syntax is working well (Sept 2020):

    $cookie_options = array(
      'expires' => time() + 60*60*24*30,
      'path' => '/',
      'domain' => '.domain.com', // leading dot for compatibility or use subdomain
      'secure' => true, // must be true when samesite is 'None'
      'httponly' => false, // or true
      'samesite' => 'None' // None || Lax || Strict
    );
    
    setcookie('cors-cookie', 'my-site-cookie', $cookie_options);
    

    --

    If you have PHP up to 7.2 (as Robert answered below):

    setcookie('key', 'value', time()+(7*24*3600), "/; SameSite=None; Secure");

    If your host is already updated to 7.3, you can use (thanks to Mahn's comment):

    setcookie('key', 'value', ['expires' => time()+(7*24*3600), 'path' => '/', 'domain' => 'domain.com', 'samesite' => 'None', 'secure' => true, 'httponly' => true ]);

    Another thing you can try, to check the cookies, is to enable the flag below, which - in their own words - "will add console warning messages for every single cookie potentially affected by this change":

    chrome://flags/#cookie-deprecation-messages

    See the whole code at: https://github.com/GoogleChromeLabs/samesite-examples/blob/master/php.md, they have the code for same-site-cookies too.
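
A helper that combines the two syntaxes from the answer above and always pairs `SameSite=None` with `Secure`, as an added example that is not part of the original answer or of the GoogleChromeLabs code. The function names, the `HttpOnly` choice and the HTTPS check via `$_SERVER['HTTPS']` are assumptions.

```php
<?php
// Added example; function names are hypothetical, not from the answer.

// Build setcookie() options for a cookie that must travel in cross-site
// requests (such as an XHR from an extension popup to this script).
function cross_site_cookie_options(int $ttl, string $domain = ''): array
{
    $options = [
        'expires'  => time() + $ttl,
        'path'     => '/',
        'secure'   => true,  // Chrome rejects SameSite=None without Secure
        'httponly' => true,  // assumption: only the server reads this cookie
        'samesite' => 'None',
    ];
    if ($domain !== '') {
        $options['domain'] = $domain;
    }
    return $options;
}

function set_cross_site_cookie(string $name, string $value, int $ttl, string $domain = ''): bool
{
    // Browsers do not accept a Secure cookie set over plain HTTP, so refuse
    // and log instead. Assumption: TLS ends at PHP; behind a TLS-terminating
    // proxy, replace this check with the proxy's trusted signal.
    $https = !empty($_SERVER['HTTPS']) && $_SERVER['HTTPS'] !== 'off';
    if (!$https) {
        error_log("cookie '$name' not set: SameSite=None needs HTTPS");
        return false;
    }
    $o = cross_site_cookie_options($ttl, $domain);

    if (PHP_VERSION_ID >= 70300) {
        return setcookie($name, $value, $o);  // options array, PHP 7.3+
    }
    // PHP < 7.3 has no samesite parameter: append the attribute through
    // the path argument; Secure and HttpOnly go in their own parameters.
    return setcookie($name, $value, $o['expires'],
        $o['path'] . '; SameSite=None', $domain, $o['secure'], $o['httponly']);
}

// Constructed call: a 30-day cookie named as in the question.
set_cross_site_cookie('mycookie', 'value', 30 * 24 * 3600);
```

Call it before any output is sent, since `setcookie()` can only add the `Set-Cookie` header while headers are still open.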
