====== Configuration Setting: samesitecookie ======

This configures the [[https://web.dev/samesite-cookies-explained/|samesite cookie attribute]] of cookies set by DokuWiki.

  * Type: String
  * Default: ''Lax''

> //Quoting [[https://developer.mozilla.org/en-US/docs/Web/HTTP/Cookies|MDN]]://
>
> With ''Strict'', the browser only sends the cookie with requests from the cookie's origin site. ''Lax'' is similar, except the browser also sends the cookie when the user navigates to the cookie's origin site (even if the user is coming from a different site). For example, by following a link from an external site. ''None'' specifies that cookies are sent on both originating and cross-site requests, but only in secure contexts (i.e., if SameSite=None then the Secure attribute must also be set). If no SameSite attribute is set, the cookie is treated as Lax.

Please note that leaving the attribute empty might differ slightly from ''Lax'' depending on browser implementation details.

> //Quoting [[user>Michitux]] on the [[https://github.com/dokuwiki/dokuwiki/pull/3994#pullrequestreview-1473052428|pull request]] implementing this feature://
>
> Chrome's SameSite=Lax by default behavior sends cookies that are less than two minutes old in top-level cross-origin POST requests. According to [[https://www.chromium.org/updates/same-site/|SameSite Updates]], this should be temporary but I couldn't find any information about this actually being phased out.

===== See also =====

  * [[:config:|Configuring DokuWiki]]
  * [[config:securecookie|Configuration Setting: securecookie]]
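
To confirm which SameSite policy a wiki actually sends, the rules described above can be checked against its ''Set-Cookie'' response headers. The following is an added example, not DokuWiki code: the function name, the cookie name and the sample headers are constructed for illustration, and treating an unrecognised value like a missing one is an assumption.

```python
"""Audit the SameSite policy on Set-Cookie header values (added example)."""

VALID = {"strict": "Strict", "lax": "Lax", "none": "None"}


def audit_set_cookie(header):
    """Return (cookie name, effective SameSite value, list of findings)."""
    parts = [p.strip() for p in header.split(";") if p.strip()]
    name = parts[0].split("=", 1)[0].strip()

    # Attribute names are case-insensitive; flags such as Secure have no value.
    attrs = {}
    for part in parts[1:]:
        key, _, value = part.partition("=")
        attrs[key.strip().lower()] = value.strip()

    findings = []
    raw = attrs.get("samesite")
    if raw is None:
        # Empty setting: treated as Lax, but details differ between browsers.
        effective = "Lax"
        findings.append("no SameSite attribute: treated as Lax, browser-dependent")
    elif raw.lower() in VALID:
        effective = VALID[raw.lower()]
    else:
        # Assumption: an unrecognised value is handled like a missing one.
        effective = "Lax"
        findings.append("unrecognised SameSite value %r" % raw)

    # SameSite=None is only valid together with the Secure attribute.
    if effective == "None" and "secure" not in attrs:
        findings.append("SameSite=None without Secure")
    return name, effective, findings


# Constructed sample headers (not captured from a real wiki).
SAMPLES = [
    "DokuWiki=abc123; path=/; HttpOnly; SameSite=Lax",
    "DokuWiki=abc123; path=/; HttpOnly; SameSite=None",
    "DokuWiki=abc123; path=/; secure; HttpOnly; SameSite=None",
    "DokuWiki=abc123; path=/; HttpOnly",
]

if __name__ == "__main__":
    for sample in SAMPLES:
        cookie, effective, findings = audit_set_cookie(sample)
        print(cookie, effective, findings or "ok")
```

Run it over the ''Set-Cookie'' values returned by the login page after changing ''samesitecookie''; a ''SameSite=None without Secure'' finding means the cookie does not meet the requirement quoted from MDN above.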