@renefreund
Hi,
We use AjaxOptOut-Plugin instead of the OptOut-Iframe: https://plugins.matomo.org/AjaxOptOut?piwikversion=3.
Matomo-Host and Website-Host don't share the same Domainname and use https.
The IgnoreCookie::setIgnoreCookie(); function works fine.
But IgnoreCookie::getIgnoreCookie()->delete(); fails to delete the "piwik_ignore".
Browser (like Chrome 86) mention that SameSite isn't set.
After some investigation we found the cause in /core/Cookie.php
public function delete()
{
$this->setP3PHeader();
$this->setCookie($this->name, 'deleted', time() - 31536001, $this->path, $this->domain);
}Here is no handling, if SSL or Samesite is needed. We quick-patched it by setting the "delete" the ignore-cookie two times.
public function delete()
{
$this->setP3PHeader();
$this->setCookie($this->name, 'deleted', time() - 31536001, $this->path, $this->domain);
$this->setCookie($this->name, 'deleted', time() - 31536001, $this->path, $this->domain, TRUE, FALSE, 'None');
}Now the first cookie gets ignored by Chrome, but the second cookie is accepted.
I hope you have a better idea to solve this problem.
i don't know if any issue in the cookie-meta-issue #14904 already cover that (i haven't found that scenario there).
Greetings
René
@tsteur
Thank you for creating this issue. I thought we already have an issue for this but doesn't look like it.