CodeIgniter 3.x Same Site Alternative Fix

1. Add this configuration to application/config/config.php for the framework's cookies:

    ini_set('session.cookie_samesite', 'None');
    ini_set('session.cookie_secure', TRUE);

2. Edit system/core/Security.php at around line 273. Replace:

    setcookie(
        $this->_csrf_cookie_name,
        $this->_csrf_hash,
        $expire,
        config_item('cookie_path'),
        config_item('cookie_domain'),
        $secure_cookie,
        config_item('cookie_httponly')
    );

with:

    // Options-array form of setcookie(); requires PHP 7.3 or later
    setcookie($this->_csrf_cookie_name, $this->_csrf_hash, [
        'samesite' => 'None',
        'secure'   => true,
        'expires'  => $expire,
        'path'     => config_item('cookie_path'),
        'domain'   => config_item('cookie_domain'),
        'httponly' => config_item('cookie_httponly'),
    ]);

3. In config.php:

    $config['sess_encrypt_cookie'] = TRUE; // changed from FALSE to TRUE

    // HTTP_HOST is taken from the request's Host header
    if ($_SERVER["HTTP_HOST"] == "localhost") {
        // Local development over plain HTTP: Secure flag off
        $config['cookie_prefix'] = '';
        $config['cookie_domain'] = '';
        $config['cookie_path'] = '/';
        $config['cookie_secure'] = FALSE;
        $config['cookie_httponly'] = FALSE;
    } else {
        $config['cookie_prefix'] = '';
        $config['cookie_domain'] = '';
        // SameSite=None is appended to the cookie through the path value
        $config['cookie_path'] = '/; SameSite=None';
        $config['cookie_secure'] = TRUE;
        $config['cookie_httponly'] = FALSE;
    }

4. Add to php.ini:

    opcache.enable = 0
    session.cookie_samesite = "Lax"
    session.cookie_secure = "1"
    session.cookie_httponly = "1"
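
Steps 2 and 3 use two different ways of attaching SameSite to a cookie: the options array (PHP 7.3+) and a value appended through the path. The helper below is an added example, not CodeIgniter code and not part of the original fix; it picks one mechanism per PHP version and refuses SameSite=None without Secure. The function names are hypothetical, the sample values are constructed, and PHP 5.6 or later is assumed for the argument unpacking.

```php
<?php
// Added example: hypothetical helper, not part of CodeIgniter.

/**
 * Build the argument list for setcookie() so the cookie carries exactly one
 * SameSite attribute on both old and new PHP versions.
 */
function samesite_cookie_args($name, $value, $expire, $path, $domain, $secure, $httponly, $samesite)
{
    $samesite = ucfirst(strtolower($samesite));
    if (!in_array($samesite, ['None', 'Lax', 'Strict'], true)) {
        throw new InvalidArgumentException("Unsupported SameSite value: $samesite");
    }
    // Browsers reject SameSite=None cookies that are not also Secure.
    if ($samesite === 'None' && !$secure) {
        throw new InvalidArgumentException('SameSite=None requires the Secure flag');
    }
    // Keep only the real path, so a configured value such as
    // '/; SameSite=None' does not make the attribute appear twice.
    $path = trim(explode(';', $path, 2)[0]);

    if (PHP_VERSION_ID >= 70300) {
        // PHP 7.3+: options-array form, as in step 2.
        return [$name, $value, [
            'expires'  => $expire,
            'path'     => $path,
            'domain'   => $domain,
            'secure'   => $secure,
            'httponly' => $httponly,
            'samesite' => $samesite,
        ]];
    }
    // Older PHP: positional form, attribute appended through the path as in step 3.
    return [$name, $value, $expire, $path . '; SameSite=' . $samesite, $domain, $secure, $httponly];
}

/** Send the cookie; takes the same arguments as samesite_cookie_args(). */
function set_samesite_cookie(...$args)
{
    return setcookie(...samesite_cookie_args(...$args));
}

// Constructed sample values: show the arguments that would reach setcookie().
print_r(samesite_cookie_args('csrf_cookie_name', 'abc123', time() + 7200,
    '/; SameSite=None', '', true, true, 'none'));
```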