Update April 2019
jQuery isn't needed for cookie reading/manipulation, so don't use the original answer below.
Go to https://github.com/js-cookie/js-cookie instead, and use the library there that doesn't depend on jQuery.
Basic examples:
// Set a cookie
Cookies.set('name', 'value');
// Read the cookie
Cookies.get('name') => // => 'value'
See the docs on github for details.
Before April 2019 (old)
See the plugin:
https://github.com/carhartl/jquery-cookie
You can then do:
$.cookie("test", 1);
To delete:
$.removeCookie("test");
Additionally, to set a timeout of a certain number of days (10 here) on the cookie:
$.cookie("test", 1, { expires : 10 });
If the expires option is omitted, then the cookie becomes a session cookie and is deleted when the browser exits.
To cover all the options:
$.cookie("test", 1, {
expires : 10, // Expires in 10 days
path : '/', // The value of the path attribute of the cookie
// (Default: path of page that created the cookie).
domain : 'jquery.com', // The value of the domain attribute of the cookie
// (Default: domain of page that created the cookie).
secure : true // If set to true the secure attribute of the cookie
// will be set and the cookie transmission will
// require a secure protocol (defaults to false).
});
To read back the value of the cookie:
var cookieValue = $.cookie("test");
UPDATE (April 2015):
As stated in the comments below, the team that worked on the original plugin has removed the jQuery dependency in a new project (https://github.com/js-cookie/js-cookie) which has the same functionality and general syntax as the jQuery version. Apparently the original plugin isn't going anywhere though.
I'm also in a "trial and error" for that, but this answer from Google Chrome Labs' Github helped me a little. I defined it into my main file and it worked - well, for only one third-party domain. Still making tests, but I'm eager to update this answer with a better solution :)
EDIT: I'm using PHP 7.4 now, and this syntax is working good (Sept 2020):
$cookie_options = array(
'expires' => time() + 60*60*24*30,
'path' => '/',
'domain' => '.domain.com', // leading dot for compatibility or use subdomain
'secure' => true, // or false
'httponly' => false, // or false
'samesite' => 'None' // None || Lax || Strict
);
setcookie('cors-cookie', 'my-site-cookie', $cookie_options);
If you have PHP 7.2 or lower (as Robert's answered below):
setcookie('key', 'value', time()+(7*24*3600), "/; SameSite=None; Secure");
If your host is already updated to PHP 7.3, you can use (thanks to Mahn's comment):
setcookie('cookieName', 'cookieValue', [
'expires' => time()+(7*24*3600,
'path' => '/',
'domain' => 'domain.com',
'samesite' => 'None',
'secure' => true,
'httponly' => true
]);
Another thing you can try to check the cookies, is to enable the flag below, which—in their own words—"will add console warning messages for every single cookie potentially affected by this change":
chrome://flags/#cookie-deprecation-messages
See the whole code at: https://github.com/GoogleChromeLabs/samesite-examples/blob/master/php.md, they have the code for same-site-cookies too.
Best Answer
This is an open issue with Spring Security (https://github.com/spring-projects/spring-security/issues/7537)
As I inspected in Spring-Boot (
2.1.7.RELEASE), By Default it usesDefaultCookieSerializerwhich carry a propertysameSitedefaulting toLax.You can modify this upon application boot, through the following code.
Note: This is a hack until a real fix (configuration) is exposed upon next spring release.