php
setcookie() 'samesite' option bugging
From manual page: https://php.net/function.setcookie
This works :
$cookie_options = array('expires' => $max_expiration, 'path' => '/', 'domain' => '', 'secure' => false, 'httponly' => false);
setcookie("Sondage01", $cookie_value_string, $cookie_options);
This doesn't work :
$cookie_options = array('expires' => $max_expiration, 'path' => '/', 'domain' => '', 'secure' => false, 'httponly' => false, 'samesite' => 'None');
setcookie("Sondage01", $cookie_value_string, $cookie_options);
Test page here : https://pastebin.com/5Bu8G225 Uncomment line 5 to make it work again.
I add that if you don't use an array but directly fill the options in the setcookie() function, it refuses to have more than 7 arguments (name + value + the 5 options from expires to httponly).
What version of PHP are you testing this on?
The behavior you describe sounds like you're using PHP < 7.3, when the $options parameter and samesite support were added, and have warnings and notices disabled. (See changelog on the manual page)
I've run OP's pastebin script on PHP 8.4 and it works as expected (and documented). In the Chrome Dev Tools Network tab, if I click on the request and check the 'Headers' tab it shows the Set-Cookie line was sent, with Same-Site=None.
However Chrome blocks the cookie because it does not have the "Secure" attribute. This RFC requirement is noted in the MDN documentation for SameSite
PHP is doing exactly what you asked it to and sending a cookie with SameSite=None and no Secure attribute, but the client is blocking that.
I've suggested adding a note to the setcookie() documentation, but there's no bug here.