ProcessMaker · agustinbusso · Mar 30, 2026
diff --git a/ProcessMaker/Http/Controllers/Auth/LoginController.php b/ProcessMaker/Http/Controllers/Auth/LoginController.php
@@ -91,7 +91,7 @@ public function showLoginForm(Request $request)
                     true,
                     true,
                     false,
-                    'none'
+                    $this->sessionSameSite()
                 );
 
                 // Redirect to SSO and attach the cookie
@@ -111,7 +111,7 @@ public function showLoginForm(Request $request)
             true,
             true,
             false,
-            'none'
+            $this->sessionSameSite()
         );
         $loginView = empty(config('app.login_view')) ? 'auth.login' : config('app.login_view');
         $response = response(view($loginView, compact('addons', 'block')));
@@ -358,7 +358,7 @@ public function login(Request $request, User $user)
                     true,
                     true,
                     false,
-                    'none',
+                    $this->sessionSameSite(),
                 );
 
                 return redirect()->route('password.change');
@@ -406,4 +406,9 @@ private function setupLanguage(Request $request, User $user)
             $user->save();
         }
     }
+
+    private function sessionSameSite(): string
+    {
+        return config('session.same_site') ?: 'lax';
+    }
 }
diff --git a/ProcessMaker/Http/Controllers/TaskController.php b/ProcessMaker/Http/Controllers/TaskController.php
@@ -264,7 +264,17 @@ public function updateVariable(HttpRequest $request, $abe_uuid)
             // Review if the autentication is required
             if ($abe->require_login && Auth::user()->username === AnonymousUser::ANONYMOUS_USERNAME) {
                 $request->session()->put('url.intended', url()->full());
-                $cookie = cookie('processmaker_intended', url()->full(), 10, '/');
+                $cookie = cookie(
+                    'processmaker_intended',
+                    url()->full(),
+                    10,
+                    '/',
+                    null,
+                    true,
+                    true,
+                    false,
+                    config('session.same_site') ?: 'lax'
+                );
 
                 return redirect('login')->withCookie($cookie);
             }