Some users may have begun to experience a bug with <iframe> elements “not working” or getting requests rejected. This is because cookies sent through the <iframe> tag are flagged as malicious or detected as a potential “cross-site scripting attack” [https://sucuri.net/guides/what-is-cross-site-scripting/#:~:text=Examples%20of%20reflected%20cross%2Dsite,only%20they%20see%20the%20result].
Since using the iframe within FiveM NUI generally will be “treated as cross-site scenarios” [https://docs.microsoft.com/en-us/aspnet/samesite/system-web-samesite], we can use the following block of code to allow for the cookies to be accepted after form submission.
$secure = true;
$httponly = true;
$samesite = 'none';
$lifetime=600;
if(PHP_VERSION_ID < 70300) {
session_set_cookie_params($maxlifetime, '/; samesite='.$samesite, $_SERVER['HTTP_HOST'], $secure, $httponly);
} else {
session_set_cookie_params([
'lifetime' => $maxlifetime,
'path' => '/',
'domain' => $_SERVER['HTTP_HOST'],
'secure' => $secure,
'httponly' => $httponly,
'samesite' => $samesite
]);
}
^ inserting this line of code, right after the PHP opener of my login.php is the fix. The first part sets some variables for use and then there is a version check for if it is a version older than PHP 7.3 it will set the cookie that top way and then if not it does the bit longer way, but it should be a solid patch.