I'm using PHP 7.3 and Jelix 1.6.24 to authenticate an app (https://website2.com).
I'm embedding https://website2.com into https://website1.com via an iframe.
It was working well until recently when Chrome changed its security policy requiring cookie SameSite set to None.
My https app has 2 cookies PHPSESSID and HASH_PHPSESSID.
To set SameSite to None I went into jelix/core/jSession.class.php and added session_set_cookie_params(['samesite' => 'None', 'secure' => true]); beforesession_start();
.
As a result, in app cookie PHPSESSID is correctly defined (Secure=True | SameSite = None). However, I can't get HASH_PHPSESSID to be set the same (Secure=True | SameSite = )!
Any idea how to handle this in https?