It's better when it's simple

User Tools

Site Tools


Configuration Setting: samesitecookie

This configures the samesite cookie attribute of cookies set by DokuWiki.

  • Type: String
  • Default: Lax
Quoting MDN:

With Strict, the browser only sends the cookie with requests from the cookie's origin site. Lax is similar, except the browser also sends the cookie when the user navigates to the cookie's origin site (even if the user is coming from a different site). For example, by following a link from an external site. None specifies that cookies are sent on both originating and cross-site requests, but only in secure contexts (i.e., if SameSite=None then the Secure attribute must also be set). If no SameSite attribute is set, the cookie is treated as Lax.

Please note that leaving the attribute empty might differ slightly from Lax depending on Browser implementation details.

Quoting Michitux on the pull request implementing this feature:

Chrome's SameSite=Lax by default behavior sends cookies that are less than two minutes old in top-level cross-origin POST requests. According to SameSite Updates, this should be temporary but I couldn't find any information about this actually being phased out.

See also

config/samesitecookie.txt · Last modified: 2024-02-06 14:08 by andi

Except where otherwise noted, content on this wiki is licensed under the following license: CC Attribution-Share Alike 4.0 International
CC Attribution-Share Alike 4.0 International Donate Powered by PHP Valid HTML5 Valid CSS Driven by DokuWiki