Uh oh!
There was an error while loading.Please reload this page.
- Notifications
You must be signed in to change notification settings - Fork5.3k
Add documentation on cookie_samesite setting in FrameworkBundle#10202
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to ourterms of service andprivacy statement. We’ll occasionally send you account related emails.
Already on GitHub?Sign in to your account
Uh oh!
There was an error while loading.Please reload this page.
Conversation
| ~~~~~~~~~~~~~~~~~~~~~~~ | ||
| ..versionadded::4.2 | ||
| The option to use SameSite cookies for session was introduced in 4.2. |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others.Learn more.
for sessions?
| ..versionadded::4.2 | ||
| The option to use SameSite cookies for session was introduced in 4.2. | ||
| SameSite cookies are a measure to protect against Cross Site Forgery Request (CSRF) attacks by preventing the cookies to be sent to the server if a request was not originated from the domain the cookies are for. |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others.Learn more.
Text should be at around 80 chars
This PR was merged into the 4.2-dev branch.Discussion----------Add SameSite cookies to FrameWorkBundle| Q | A| ------------- | ---| Branch? | master| Bug fix? | no| New feature? | yes, and added to changeloghttps://github.com/symfony/symfony/pull/28168/files#diff-276f5b13978c2ce3f555b9603f44801aR21| BC breaks? | no| Deprecations? | no| Tests pass? | yes| Fixed tickets | #27631| License | MIT| Doc PR |symfony/symfony-docs#10202Uses `session.cookie_samesite` for PHP >= 7.3. For PHP < 7.3 it firstdoes a session_start(), find the emitted header, changes it, and emitsit again with the value for SameSite added.I also tried it in a minimal Symfony 4.1 app, and works there too:Commits-------4091feb693 Add SameSite cookies to FrameWorkBundle
This PR was merged into the 4.2-dev branch.Discussion----------Add SameSite cookies to FrameWorkBundle| Q | A| ------------- | ---| Branch? | master| Bug fix? | no| New feature? | yes, and added to changeloghttps://github.com/symfony/symfony/pull/28168/files#diff-276f5b13978c2ce3f555b9603f44801aR21| BC breaks? | no| Deprecations? | no| Tests pass? | yes| Fixed tickets |#27631| License | MIT| Doc PR |symfony/symfony-docs#10202Uses `session.cookie_samesite` for PHP >= 7.3. For PHP < 7.3 it firstdoes a session_start(), find the emitted header, changes it, and emitsit again with the value for SameSite added.I also tried it in a minimal Symfony 4.1 app, and works there too:Commits-------4091feb Add SameSite cookies to FrameWorkBundle
javiereguiluz commentedSep 5, 2018
@rpkamp thanks a lot for contributing this feature and its docs. It's a really important feature because PHP 7.3 is adding support for it as well as all modern browsers. Sadly, this pull request needed some important changes ... so I opened#10258 to replace it. The main issue is that this is a config option of Symfony full-stack apps ... so we can't explain it in the components doc (I know, it may be confusing ... we're trying to change this). Also, given that it's a very recent feature, we decided to explain it a bit more so readers can make a better choice for this option. In any case, thanks again for your contribution! |
rpkamp commentedSep 5, 2018
No problem@javiereguiluz. Thanks for taking this on 😄 |
Documentation supportingsymfony/symfony#28168