CodeIgniter 3.x Same Site Alternative Fix
php
- ADD this config at application/config/config.php for all cookie in framework
ini_set(‘session.cookie_samesite’, ‘None’);
ini_set(‘session.cookie_secure’, TRUE);
2.Edit this line at system/core/Security.php line ~273 replace from
setcookie(
$this->_csrf_cookie_name,
$this->_csrf_hash,
$expire,
config_item(‘cookie_path’),
config_item(‘cookie_domain’),
$secure_cookie,
config_item(‘cookie_httponly’)
);
change
setcookie($this->_csrf_cookie_name, $this->_csrf_hash, [‘samesite’ => ‘None’, ‘secure’ => true,’expires’ => $expire, ‘path’ => config_item(‘cookie_path’), ‘domain’ => config_item(‘cookie_domain’), ‘httponly’ => config_item(‘cookie_httponly’)]);
3. config.php
$config[‘sess_encrypt_cookie’] = TRUE; // set from false to TRUE
if ($_SERVER[“HTTP_HOST”] == “localhost”) {
$config[‘cookie_prefix’] = ‘’;
$config[‘cookie_domain’] = ‘’;
$config[‘cookie_path’] = ‘/’;
$config[‘cookie_secure’] = FALSE;
$config[‘cookie_httponly’] = FALSE;
}else{
$config[‘cookie_prefix’] = ‘’;
$config[‘cookie_domain’] = ‘’;
$config[‘cookie_path’] = ‘/; SameSite=None’;
$config[‘cookie_secure’] = TRUE;
$config[‘cookie_httponly’] = FALSE;
}
4. Add php.ini
opcache.enable = 0
session.cookie_samesite = “Lax”
session.cookie_secure = “1”
session.cookie_httponly = “1”
