Published at 2014-07-27 21:00:30
There are many (many) things that annoy me about Google Chrome, but this is the dumbest.
Considering how easy it is to work around, I've no idea what the point of this feature is. Surely not security? Certainly wasting a lot of developer's time.
My own personal work around is to set the domain on the session cookie to be null, so rather than:
session_set_cookie_params(0, '/', 'localhost', false, true); // where 'localhost' is injected from somewhere...
session_set_cookie_params(0, '/', null, false, true);