Clarify session.cookie_samesite="None"

author: Nikita Popov <nikita.ppv@gmail.com> 2020-03-18 15:59:30 +0100
committer: Nikita Popov <nikita.ppv@gmail.com> 2020-03-18 15:59:30 +0100
commit: c00cce3229515eacdb1680f39132ed3ca09cc205 (patch)
tree: 1264ddde6221f871954e97ee672522111ae26063 /php.ini-production
parent: b114e3d953bb1d27d3686d3dc2274f4f5b9154fe (diff)
download: php-git-c00cce3229515eacdb1680f39132ed3ca09cc205.tar.gz
1 files changed, 2 insertions, 1 deletions
diff --git a/php.ini-production b/php.ini-production
index 5a68647eca..ee1ff0731d 100644
--- a/php.ini-production
+++ b/php.ini-production
@@ -1415,7 +1415,8 @@ session.cookie_domain =
 session.cookie_httponly =
 
 ; Add SameSite attribute to cookie to help mitigate Cross-Site Request Forgery (CSRF/XSRF)
-; Current valid values are "Lax" or "Strict"
+; Current valid values are "Strict", "Lax" or "None". When using "None",
+; make sure to include the quotes, as `none` is interpreted like `false` in ini files.
 ; https://tools.ietf.org/html/draft-west-first-party-cookies-07
 session.cookie_samesite =
author	Nikita Popov <nikita.ppv@gmail.com>	2020-03-18 15:59:30 +0100
committer	Nikita Popov <nikita.ppv@gmail.com>	2020-03-18 15:59:30 +0100
commit	c00cce3229515eacdb1680f39132ed3ca09cc205 (patch)
tree	1264ddde6221f871954e97ee672522111ae26063 /php.ini-production
parent	b114e3d953bb1d27d3686d3dc2274f4f5b9154fe (diff)
download	php-git-c00cce3229515eacdb1680f39132ed3ca09cc205.tar.gz