Samesite cookie fix not working in PHP 7.3 and higher #8432

Closed
dennisameling opened this issue Feb 12, 2020 · 1 comment · Fixed by #8436
dennisameling commented Feb 12, 2020

Bug Description

As reported by Lex Gabrees on Slack:

So, I upgraded from 2.15.3 to 2.16beta in order to see if the samesite issue was fixed (which I was told) ... Now I get loads of PHP warnings about samesite and cookies. Does anyone know what these mean? See attachment ... Anyone know what these mean exactly (except that it's a samesite, cookie issue ofc)

The PR that is responsible for this is #8347.

After doing some research, I found that this only applies to PHP 7.3 and higher: https://stackoverflow.com/a/46971326

Q | A
Mautic version | 2.16.0-beta
PHP version | 7.3
Browser | N/A

Steps to reproduce

  1. For generating the errors as found below, you can test with curl as described here: Future browsers samesite none #8347 (comment)

Log errors

[2020-02-12 08:30:57] mautic.WARNING: PHP Warning - Cookie paths cannot contain any of the following ',; \t\r\n\013\014' - in file /var/www/mc.lexgabrees.com/htdocs/app/bundles/CoreBundle/Helper/CookieHelper.php - at line 93 {"name":"mautic_referer_id","value":3650,"expire":1800,"path":null,"domain":null,"secure":null,"httponly":null,"sameSiteNoneText":"; samesite=none"} []
[2020-02-12 08:41:38] mautic.WARNING: PHP Warning - Cookie paths cannot contain any of the following ',; \t\r\n\013\014' - in file /var/www/mc.lexgabrees.com/htdocs/app/bundles/CoreBundle/Helper/CookieHelper.php - at line 93 {"name":"mautic_referer_id","value":3651,"expire":1800,"path":null,"domain":null,"secure":null,"httponly":null,"sameSiteNoneText":"; samesite=none"} []
[2020-02-12 08:42:17] mautic.WARNING: PHP Warning - Cookie paths cannot contain any of the following ',; \t\r\n\013\014' - in file /var/www/mc.lexgabrees.com/htdocs/app/bundles/CoreBundle/Helper/CookieHelper.php - at line 93 {"name":"mautic_referer_id","value":3652,"expire":1800,"path":null,"domain":null,"secure":null,"httponly":null,"sameSiteNoneText":"; samesite=none"} []
[2020-02-12 08:52:21] mautic.WARNING: PHP Warning - Cookie paths cannot contain any of the following ',; \t\r\n\013\014' - in file /var/www/mc.lexgabrees.com/htdocs/app/bundles/CoreBundle/Helper/CookieHelper.php - at line 93 {"name":"mautic_referer_id","value":3653,"expire":1800,"path":null,"domain":null,"secure":null,"httponly":null,"sameSiteNoneText":"; samesite=none"} []
[2020-02-12 08:57:47] mautic.WARNING: PHP Warning - Cookie paths cannot contain any of the following ',; \t\r\n\013\014' - in file /var/www/mc.lexgabrees.com/htdocs/app/bundles/CoreBundle/Helper/CookieHelper.php - at line 93 {"name":"mautic_referer_id","value":3654,"expire":1800,"path":null,"domain":null,"secure":null,"httponly":null,"sameSiteNoneText":"; samesite=none"} []
[2020-02-12 09:52:24] mautic.WARNING: PHP Warning - Cookie paths cannot contain any of the following ',; \t\r\n\013\014' - in file /var/www/mc.lexgabrees.com/htdocs/app/bundles/CoreBundle/Helper/CookieHelper.php - at line 93 {"name":"mautic_referer_id","value":3655,"expire":1800,"path":null,"domain":null,"secure":null,"httponly":null,"sameSiteNoneText":"; samesite=none"} []
[2020-02-12 09:52:38] mautic.WARNING: PHP Warning - Cookie paths cannot contain any of the following ',; \t\r\n\013\014' - in file /var/www/mc.lexgabrees.com/htdocs/app/bundles/CoreBundle/Helper/CookieHelper.php - at line 93 {"name":"mautic_session_id","value":"","expire":1581493958,"path":null,"domain":null,"secure":null,"httponly":null,"sameSiteNoneText":"; samesite=none"} []
[2020-02-12 09:52:38] mautic.WARNING: PHP Warning - Cookie paths cannot contain any of the following ',; \t\r\n\013\014' - in file /var/www/mc.lexgabrees.com/htdocs/app/bundles/CoreBundle/Helper/CookieHelper.php - at line 93 {"name":"mautic_device_id","value":"2hjs4ec4msjfc84va5c3wmn","expire":31536000,"path":null,"domain":null,"secure":null,"httponly":null,"sameSiteNoneText":"; samesite=none"} []
[2020-02-12 09:52:38] mautic.WARNING: PHP Warning - Cookie paths cannot contain any of the following ',; \t\r\n\013\014' - in file /var/www/mc.lexgabrees.com/htdocs/app/bundles/CoreBundle/Helper/CookieHelper.php - at line 93 {"name":"mtc_id","value":618,"expire":null,"path":null,"domain":null,"secure":null,"httponly":null,"sameSiteNoneText":"; samesite=none"} []
[2020-02-12 09:52:38] mautic.WARNING: PHP Warning - Cookie paths cannot contain any of the following ',; \t\r\n\013\014' - in file /var/www/mc.lexgabrees.com/htdocs/app/bundles/CoreBundle/Helper/CookieHelper.php - at line 93 {"name":"mtc_sid","value":"2hjs4ec4msjfc84va5c3wmn","expire":null,"path":null,"domain":null,"secure":null,"httponly":null,"sameSiteNoneText":"; samesite=none"} []
[2020-02-12 09:52:38] mautic.WARNING: PHP Warning - Cookie paths cannot contain any of the following ',; \t\r\n\013\014' - in file /var/www/mc.lexgabrees.com/htdocs/app/bundles/CoreBundle/Helper/CookieHelper.php - at line 93 {"name":"mautic_session_id","value":"2hjs4ec4msjfc84va5c3wmn","expire":31536000,"path":null,"domain":null,"secure":null,"httponly":null,"sameSiteNoneText":"; samesite=none"} []
[2020-02-12 09:52:38] mautic.WARNING: PHP Warning - Cookie paths cannot contain any of the following ',; \t\r\n\013\014' - in file /var/www/mc.lexgabrees.com/htdocs/app/bundles/CoreBundle/Helper/CookieHelper.php - at line 93 {"name":"2hjs4ec4msjfc84va5c3wmn","value":618,"expire":31536000,"path":null,"domain":null,"secure":null,"httponly":null,"sameSiteNoneText":"; samesite=none"} []
[2020-02-12 09:52:38] mautic.WARNING: PHP Warning - Cookie paths cannot contain any of the following ',; \t\r\n\013\014' - in file /var/www/mc.lexgabrees.com/htdocs/app/bundles/CoreBundle/Helper/CookieHelper.php - at line 93 {"name":"2hjs4ec4msjfc84va5c3wmn","value":"","expire":1581493958,"path":null,"domain":null,"secure":null,"httponly":null,"sameSiteNoneText":"; samesite=none"} []
[2020-02-12 09:52:38] mautic.WARNING: PHP Warning - Cookie paths cannot contain any of the following ',; \t\r\n\013\014' - in file /var/www/mc.lexgabrees.com/htdocs/app/bundles/CoreBundle/Helper/CookieHelper.php - at line 93 {"name":"mautic_session_id","value":"","expire":1581493958,"path":null,"domain":null,"secure":null,"httponly":null,"sameSiteNoneText":"; samesite=none"} []
[2020-02-12 09:52:38] mautic.WARNING: PHP Warning - Cookie paths cannot contain any of the following ',; \t\r\n\013\014' - in file /var/www/mc.lexgabrees.com/htdocs/app/bundles/CoreBundle/Helper/CookieHelper.php - at line 93 {"name":"mautic_device_id","value":"1161arl2gbu3bhwp94fd2e5","expire":31536000,"path":null,"domain":null,"secure":null,"httponly":null,"sameSiteNoneText":"; samesite=none"} []
[2020-02-12 09:52:38] mautic.WARNING: PHP Warning - Cookie paths cannot contain any of the following ',; \t\r\n\013\014' - in file /var/www/mc.lexgabrees.com/htdocs/app/bundles/CoreBundle/Helper/CookieHelper.php - at line 93 {"name":"mtc_id","value":396,"expire":null,"path":null,"domain":null,"secure":null,"httponly":null,"sameSiteNoneText":"; samesite=none"} []
[2020-02-12 09:52:38] mautic.WARNING: PHP Warning - Cookie paths cannot contain any of the following ',; \t\r\n\013\014' - in file /var/www/mc.lexgabrees.com/htdocs/app/bundles/CoreBundle/Helper/CookieHelper.php - at line 93 {"name":"mtc_sid","value":"1161arl2gbu3bhwp94fd2e5","expire":null,"path":null,"domain":null,"secure":null,"httponly":null,"sameSiteNoneText":"; samesite=none"} []
[2020-02-12 09:52:38] mautic.WARNING: PHP Warning - Cookie paths cannot contain any of the following ',; \t\r\n\013\014' - in file /var/www/mc.lexgabrees.com/htdocs/app/bundles/CoreBundle/Helper/CookieHelper.php - at line 93 {"name":"mautic_session_id","value":"1161arl2gbu3bhwp94fd2e5","expire":31536000,"path":null,"domain":null,"secure":null,"httponly":null,"sameSiteNoneText":"; samesite=none"} []
[2020-02-12 09:52:38] mautic.WARNING: PHP Warning - Cookie paths cannot contain any of the following ',; \t\r\n\013\014' - in file /var/www/mc.lexgabrees.com/htdocs/app/bundles/CoreBundle/Helper/CookieHelper.php - at line 93 {"name":"1161arl2gbu3bhwp94fd2e5","value":396,"expire":31536000,"path":null,"domain":null,"secure":null,"httponly":null,"sameSiteNoneText":"; samesite=none"} []
[2020-02-12 09:52:38] mautic.WARNING: PHP Warning - Cookie paths cannot contain any of the following ',; \t\r\n\013\014' - in file /var/www/mc.lexgabrees.com/htdocs/app/bundles/CoreBundle/Helper/CookieHelper.php - at line 93 {"name":"mautic_referer_id","value":3656,"expire":1800,"path":null,"domain":null,"secure":null,"httponly":null,"sameSiteNoneText":"; samesite=none"} []
[2020-02-12 09:52:40] mautic.WARNING: PHP Warning - Cookie paths cannot contain any of the following ',; \t\r\n\013\014' - in file /var/www/mc.lexgabrees.com/htdocs/app/bundles/CoreBundle/Helper/CookieHelper.php - at line 93 {"name":"mautic_referer_id","value":3657,"expire":1800,"path":null,"domain":null,"secure":null,"httponly":null,"sameSiteNoneText":"; samesite=none"} []
[2020-02-12 09:52:42] mautic.WARNING: PHP Warning - Cookie paths cannot contain any of the following ',; \t\r\n\013\014' - in file /var/www/mc.lexgabrees.com/htdocs/app/bundles/CoreBundle/Helper/CookieHelper.php - at line 93 {"name":"mautic_referer_id","value":3658,"expire":1800,"path":null,"domain":null,"secure":null,"httponly":null,"sameSiteNoneText":"; samesite=none"} []
[2020-02-12 09:52:44] mautic.WARNING: PHP Warning - Cookie paths cannot contain any of the following ',; \t\r\n\013\014' - in file /var/www/mc.lexgabrees.com/htdocs/app/bundles/CoreBundle/Helper/CookieHelper.php - at line 93 {"name":"mautic_referer_id","value":3659,"expire":1800,"path":null,"domain":null,"secure":null,"httponly":null,"sameSiteNoneText":"; samesite=none"} []
[2020-02-12 09:52:49] mautic.WARNING: PHP Warning - Cookie paths cannot contain any of the following ',; \t\r\n\013\014' - in file /var/www/mc.lexgabrees.com/htdocs/app/bundles/CoreBundle/Helper/CookieHelper.php - at line 93 {"name":"mautic_referer_id","value":3660,"expire":1800,"path":null,"domain":null,"secure":null,"httponly":null,"sameSiteNoneText":"; samesite=none"} []
[2020-02-12 09:52:53] mautic.WARNING: PHP Warning - Cookie paths cannot contain any of the following ',; \t\r\n\013\014' - in file /var/www/mc.lexgabrees.com/htdocs/app/bundles/CoreBundle/Helper/CookieHelper.php - at line 93 {"name":"mautic_referer_id","value":3661,"expire":1800,"path":null,"domain":null,"secure":null,"httponly":null,"sameSiteNoneText":"; samesite=none"} []
[2020-02-12 09:52:55] mautic.WARNING: PHP Warning - Cookie paths cannot contain any of the following ',; \t\r\n\013\014' - in file /var/www/mc.lexgabrees.com/htdocs/app/bundles/CoreBundle/Helper/CookieHelper.php - at line 93 {"name":"mautic_referer_id","value":3662,"expire":1800,"path":null,"domain":null,"secure":null,"httponly":null,"sameSiteNoneText":"; samesite=none"} []
[2020-02-12 10:28:18] mautic.WARNING: PHP Warning - Cookie paths cannot contain any of the following ',; \t\r\n\013\014' - in file /var/www/mc.lexgabrees.com/htdocs/app/bundles/CoreBundle/Helper/CookieHelper.php - at line 93 {"name":"mautic_referer_id","value":3663,"expire":1800,"path":null,"domain":null,"secure":null,"httponly":null,"sameSiteNoneText":"; samesite=none"} []
[2020-02-12 10:28:29] mautic.WARNING: PHP Warning - Cookie paths cannot contain any of the following ',; \t\r\n\013\014' - in file /var/www/mc.lexgabrees.com/htdocs/app/bundles/CoreBundle/Helper/CookieHelper.php - at line 93 {"name":"mautic_session_id","value":"","expire":1581496109,"path":null,"domain":null,"secure":null,"httponly":null,"sameSiteNoneText":"; samesite=none"} []
[2020-02-12 10:28:29] mautic.WARNING: PHP Warning - Cookie paths cannot contain any of the following ',; \t\r\n\013\014' - in file /var/www/mc.lexgabrees.com/htdocs/app/bundles/CoreBundle/Helper/CookieHelper.php - at line 93 {"name":"mautic_device_id","value":"0fcy5wgzmfikp4b0vthjhs4","expire":31536000,"path":null,"domain":null,"secure":null,"httponly":null,"sameSiteNoneText":"; samesite=none"} []
[2020-02-12 10:28:29] mautic.WARNING: PHP Warning - Cookie paths cannot contain any of the following ',; \t\r\n\013\014' - in file /var/www/mc.lexgabrees.com/htdocs/app/bundles/CoreBundle/Helper/CookieHelper.php - at line 93 {"name":"mtc_id","value":619,"expire":null,"path":null,"domain":null,"secure":null,"httponly":null,"sameSiteNoneText":"; samesite=none"} []
[2020-02-12 10:28:29] mautic.WARNING: PHP Warning - Cookie paths cannot contain any of the following ',; \t\r\n\013\014' - in file /var/www/mc.lexgabrees.com/htdocs/app/bundles/CoreBundle/Helper/CookieHelper.php - at line 93 {"name":"mtc_sid","value":"0fcy5wgzmfikp4b0vthjhs4","expire":null,"path":null,"domain":null,"secure":null,"httponly":null,"sameSiteNoneText":"; samesite=none"} []
[2020-02-12 10:28:29] mautic.WARNING: PHP Warning - Cookie paths cannot contain any of the following ',; \t\r\n\013\014' - in file /var/www/mc.lexgabrees.com/htdocs/app/bundles/CoreBundle/Helper/CookieHelper.php - at line 93 {"name":"mautic_session_id","value":"0fcy5wgzmfikp4b0vthjhs4","expire":31536000,"path":null,"domain":null,"secure":null,"httponly":null,"sameSiteNoneText":"; samesite=none"} []
[2020-02-12 10:28:29] mautic.WARNING: PHP Warning - Cookie paths cannot contain any of the following ',; \t\r\n\013\014' - in file /var/www/mc.lexgabrees.com/htdocs/app/bundles/CoreBundle/Helper/CookieHelper.php - at line 93 {"name":"0fcy5wgzmfikp4b0vthjhs4","value":619,"expire":31536000,"path":null,"domain":null,"secure":null,"httponly":null,"sameSiteNoneText":"; samesite=none"} []
[2020-02-12 10:28:31] mautic.WARNING: PHP Warning - Cookie paths cannot contain any of the following ',; \t\r\n\013\014' - in file /var/www/mc.lexgabrees.com/htdocs/app/bundles/CoreBundle/Helper/CookieHelper.php - at line 93 {"name":"mautic_referer_id","value":3664,"expire":1800,"path":null,"domain":null,"secure":null,"httponly":null,"sameSiteNoneText":"; samesite=none"} []
@dennisameling dennisameling added the bug Issues or PR's relating to bugs label Feb 12, 2020
@dennisameling dennisameling added this to the 2.16.0 milestone Feb 12, 2020
@dennisameling

The fix will need

  • A PHP version check (if version < 7.3, use the existing approach, if version >= 7.3, use the approach mentioned below)
  • Create fix for 7.3 and higher where we leverage the $options['samesite'] attribute of the setcookie() function. See https://github.com/php/php-src/blob/PHP-7.3/UPGRADING#L350

@npracht npracht added this to Ready to test in Mautic 2 Feb 13, 2020
@npracht npracht moved this from Ready to test to Backlog in Mautic 2 Feb 13, 2020
@npracht npracht removed this from Backlog in Mautic 2 Mar 10, 2020
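
The version-gated approach described in the comment above, sketched as an added example (not Mautic's CookieHelper and not the code from the linked PR). The function name, its parameters and the sample cookie are hypothetical; the pre-7.3 branch reproduces the path-suffix workaround visible in the log context (`sameSiteNoneText`).

```php
<?php
declare(strict_types=1);

/**
 * Hypothetical helper: set a cookie with SameSite=None on PHP < 7.3 and >= 7.3.
 * Returns whatever setcookie() returns (false if headers were already sent
 * or an argument was rejected).
 */
function setSameSiteNoneCookie(
    string $name,
    string $value,
    int $lifetime = 0,
    string $path = '/',
    string $domain = '',
    bool $httpOnly = true
): bool {
    // 0 means a session cookie; otherwise turn the lifetime into a timestamp.
    $expires = $lifetime > 0 ? time() + $lifetime : 0;

    if (PHP_VERSION_ID >= 70300) {
        // PHP 7.3+ validates the path (';' is rejected with the warning shown
        // in the logs), so SameSite goes in the options array instead.
        return setcookie($name, $value, [
            'expires'  => $expires,
            'path'     => $path,
            'domain'   => $domain,
            'secure'   => true,      // browsers drop SameSite=None cookies without Secure
            'httponly' => $httpOnly,
            'samesite' => 'None',
        ]);
    }

    // PHP < 7.3 has no samesite argument: keep the existing workaround of
    // appending the attribute to the path.
    return setcookie($name, $value, $expires, $path.'; samesite=none', $domain, true, $httpOnly);
}

// Constructed sample call: a 30-minute cookie with a made-up name and value.
setSameSiteNoneCookie('example_cookie', 'constructed-value', 1800);
```

Note that the logged calls carry `"secure":null`; a cookie sent with SameSite=None needs the Secure attribute as well, which is why the sketch forces it on.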