Skip to content
Browse files
[Session] Cookie SameSite should be strict by default
  • Loading branch information
brusch committed Jul 28, 2021
1 parent 43b0963 commit 8aa0cac5ef555a9bf3811d1cc6a8fb9d07707e88
@@ -19,6 +19,7 @@ framework:
# use the native PHP session mechanism
handler_id: null
cookie_samesite: 'strict'
log: true
assets: ~
@@ -29,6 +29,14 @@ services:
- Pimcore\Security\Encoder\PasswordFieldEncoder
- ['password']
- [Session] Default setting for `framework.session.cookie_samesite` changed to `strict`.
For more information about the possible impact on your project, please have a look at the [docs of set-cookie](
If you prefer to stay on the old session cookie behavior, please add the following to your project configuration:
cookie_samesite: 'lax'

## 10.0.0

0 comments on commit 8aa0cac

Please sign in to comment.