With google rolling out the new chrome version and the changes on how cookies with no same-site value are treated this means every pimcore developer needs to fix their projects if you use 3rd party software for authentication, payments and so on.
(More on the topic: https://auth0.com/blog/browser-behavior-changes-what-developers-need-to-know/)
The currently agreed solution which works 100% is to define each session cookie 2 times, once with
same-site=none; secure and once without a same site attribute.
The session handler needs no take this into account and use whichever cookie present.
My questions for the pimcore developers/community are the following:
- From which release on will the pimcore core implement these changes?
- Are there any plans to release hotfixes for older pimcore versions that don’t use symfony?