SameSite

This plugin automatically adds the SameSite attribute to a site's authentication cookies, providing a foundational layer of protection against Cross-Site Request Forgery (CSRF) attacks. It is designed for site administrators and developers seeking to harden their site's login security without complex setup.

• Automatic CSRF Protection: Once activated, the plugin modifies authentication cookies to include the SameSite flag, instructing modern browsers to restrict how cookies are sent with cross-site requests. This can prevent many common CSRF attack vectors.
• Broad PHP Version Support: It includes a polyfill to ensure the SameSite flag functions correctly on all PHP versions the platform supports, not just PHP 7.3 and above where native support was introduced.
• Zero-Configuration Operation: The plugin works immediately upon activation with sensible defaults. There is no administrative interface to manage, reducing setup time and potential for error.
• Configurable Flag Values: For advanced use cases, you can define the strictness of the SameSite policy directly in the site's configuration file. Options include Lax (the default balanced setting), Strict, or None.
• Focused on Authentication: The modification applies specifically to the core authentication cookies. This targeted approach ensures compatibility with other plugins while securing the most critical login sessions.

Note: Its functionality relies on pluggable functions and may be overridden by other plugins that also modify login cookie parameters. Testing via browser developer tools is recommended to confirm it is working in your specific environment.