When logged while this plugin is active, and visiting “My account” the page displays the login form, no toolbar and the html body class “logged-in” is missing. Login on that page might work, but logging out does not work (displaying “Really?”, bit when answer is “Yes”, it returns to logged in state).

This may be a bug in WooCommerce, or just some incompatibility I haven’t figured out. Logging in through /wp-admin actually works, even for customers, but then redirected to “My account” to be asked to log in again. If they go to the cart og checkout, those acknowledge them as logged in. This clearly indicates the problem is the behaviour of the “My account” page in WooCommerce.

Sad to have to deactivate on WooCommerce sites, as customes become very frustrated by this.

Any chance you may look into this and update your excellent plugin?

I will file a bug in WooCommerce, if so happens, otherwise I fear that is futile.

Installing this plugin on wordpress 6.4.3 breaks the user authentication mechanism. Cookie policies are set correctly. However when a user logs on they just get taken back to the logon page.

Feel like this plugin needs some regression testing with WP 6.4.3 and later, as somethig has changed in the authentication mechanism which is incomplatible with this plug in (v2.1)

The login page refreshes in the latest versions of Safari (desktop, mobile, tablet) instead of logging you in with the latest as well as previous versions of the plugin. Works with all other browsers and operating systems.

After login in to https://env-airdoctorpro-prelive.kinsta.cloud/my-account when I click on the home page top right icon it shows not logged in to our site.

Seems that samesite was added to PHP 7.3.

1. Is the plugin needed?

2. Is the following configuration needed?

define( 'WP_SAMESITE_COOKIE', 'Lax' ); // Lax or other setting?

• This topic was modified 3 years, 3 months ago by mulli.bahr.
• This topic was modified 3 years, 3 months ago by mulli.bahr.

The description text contains some flaws.

“To configure the SameSite flag value, edit your WordPress configuration file (wp-config.php), and add the following lines right above”

These lines are not properly formatted. The problem is that the quotes are the wrong ones, these are not accepted by php.

/** Set up WordPress vars and included files. */

define( 'WP_SAMESITE_COOKIE', 'Lax' ); // Pick from 'Lax', 'Strict', or 'None'.

• This topic was modified 3 years, 3 months ago by johnxba.

I think the way you are constructing the cookies manually doesn’t work for mobile edge. I’ve updated the code as follows but it will only work for PHP 7.3.

function samesite_setcookie($name, $value, array $options) {

	setcookie($name, $value, $options);
	$_COOKIE[$name] = $value;

/*
	$header = 'Set-Cookie:';
	$header .= rawurlencode($name) . '=' . rawurlencode($value) . ';';

	if (!empty($options['expires']) && $options['expires'] > 0) {
		$header .= 'expires=' . \gmdate('D, d-M-Y H:i:s T', (int) $options['expires']) . ';';
		$header .= 'Max-Age=' . max(0, (int) ($options['expires'] - time())) . ';';
	}

	$header .= 'path=' . rawurlencode($options['path']). ';';
	$header .= 'domain=' . rawurlencode($options['domain']) . ';';

	if (!empty($options['secure'])) {
		$header .= 'secure;';
	}
	$header .= 'httponly;';
	$header .= 'SameSite=' . rawurlencode($options['samesite']);

	header($header, false);
	$_COOKIE[$name] = $value;
*/

}

I guess your original code can be made to work in older versions. Perhaps you need spaces between the values and the ; delimiter in the SetCookie header but I haven’t investigated further.

• This topic was modified 3 years, 4 months ago by ssandison.

hi
Seems not to work with internet explorer 11. Not able to log in, returns to login page.

Hi, I installed your plugin yesterday and now we are logged out of the site, can’t log in as admin or subscriber. The page just reloads the login page showing we are logged out.

Seems not to work with Edge 85. Not able to log in, returns to login page.

Hi
I updated your plugin on the 7th January and now I can’t login as it redirects to the login page.

I have disabled it by renaming it in the Plugins folder and now I can login in again.

How can we fix this?

Morris

Hi guys.

I’d like to report some issues:

Szczegó?y b??du
===================
B??d typu E_ERROR zosta? spowodowany w linii 154 pliku /..../wp-content/plugins/samesite/samesite.php. Komunikat b??du: Uncaught Error: Call to undefined function _samesite_setcookie() in /..../wp-content/plugins/samesite/samesite.php:154
Stack trace:
#0 /..../wp-includes/user.php(101): wp_set_auth_cookie(2, false, true)
#1 /..../wp-login.php(1187): wp_signon(Array, true)
#2 {main}
  thrown

I changed the name of the function, but when I logged in, admin bar (on frontpage) doesn’t show up and none of this “SameSite” flag is not set.

Cheers

I still have an error with Facebook. How to solve it?

Hey,

Just wondering if there is a way to make the plugin also add a SECURE flag?

Much appreciated!

I have a WordPress Multisite (Network), and two of the sites actually have masked domains that are completely different from the main site. All of the subsites are subdomains, so I have abc.mysite.com masked by myawesomesite.com.

These are the only two sites that never finish loading when I try to get to them via Chrome, and I always see the “A cookie associated with a cross-site resource at…was set without the SameSite attribute” (in the Developer Tools Console). This is after I installed the plugin. After several minutes, one of them gave the error “Incorrect or out of date login key,” but this error was on the page itself.

Is this something to do with the plugin, something else related to the cookie situation, or something else altogether?

Hi,

Your plugin doesn’t do the job with my product details page of woocommerce (with stripe payment).

If you check the console on the link I sent, you ll see the Samesite error.

Can you help me to fix this issue please?

Kind regards

Hi,

When we log into the admin area the site refreshes the login page.
As if it is unable to set the login cookies or if there is an issue at this point.

Do let me know if you need any further information or debug data.

I can see a cookie is trying to be set here x4:

set-cookie: wordpress_sec_PRIV_DATA;expires=Thu, 01-Jan-1970 00:00:00 GMT;Max-Age=0;path=%2Fwp%2Fwp-admin;domain=;secure;httponly;SameSite=Lax

PHP Fatal error: Uncaught Error: Call to undefined function _samesite_setcookie() in /home/[..]/public_html/wp-content/plugins/samesite/samesite.php:154

WP 5.1.1
PHP 7.3.4
Multisite (logging in to main site)
Using Two factor auth