
Remediation Steps

Follow the steps below to remediate this finding on Joomla.

  1. In your Joomla configuration.php, set:

    public $cookie_domain = '';

  2. For Joomla 4+, edit libraries/src/Application/WebApplication.php or use the session configuration in Global Configuration > System > Session to set the SameSite attribute.

  3. In .htaccess, also apply the Apache header edit rule as a fallback:

    Header always edit Set-Cookie (.*) "$1; SameSite=Lax"
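
A check to run after applying the steps above. This is an added example, not part of the original page or of Joomla. It applies the same pattern and replacement as the fallback rule to Set-Cookie values and audits the result, showing that a cookie which already carries SameSite ends up with the attribute twice. The cookie names and values are constructed samples and the function names are hypothetical.

```python
import re

def apply_fallback_rule(value):
    # Same pattern and replacement as the .htaccess rule; count=1 because
    # "edit" (unlike "edit*") replaces only the first match.
    return re.sub(r"(.*)", r"\g<1>; SameSite=Lax", value, count=1)

def audit_set_cookie(value):
    """Return (cookie_name, findings) for one Set-Cookie header value."""
    parts = [p.strip() for p in value.split(";") if p.strip()]
    name = parts[0].split("=", 1)[0]
    attrs = [tuple(x.strip() for x in p.split("=", 1)) for p in parts[1:]]
    samesite = [a[1] if len(a) > 1 else "" for a in attrs
                if a[0].lower() == "samesite"]
    secure = any(a[0].lower() == "secure" for a in attrs)
    findings = []
    if not samesite:
        findings.append("missing SameSite")
    elif len(samesite) > 1:
        findings.append("duplicate SameSite: " + ", ".join(samesite))
    if any(v.lower() == "none" for v in samesite) and not secure:
        findings.append("SameSite=None without Secure")
    return name, findings

def check_fallback(headers):
    """Audit each value before and after the fallback rule is applied."""
    report = {}
    for value in headers:
        name, before = audit_set_cookie(value)
        _, after = audit_set_cookie(apply_fallback_rule(value))
        report[name] = (before, after)
    return report

# Constructed sample Set-Cookie values (not captured from a real site).
SAMPLE = [
    "sess_example=abc123; path=/; HttpOnly",
    "pref_example=1; path=/; Secure; SameSite=Strict",
]

if __name__ == "__main__":
    for name, (before, after) in check_fallback(SAMPLE).items():
        print(name, "| before:", before or "ok", "| after:", after or "ok")
```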