diff --git a/framework/CHANGELOG.md b/framework/CHANGELOG.md
index 47d67e4..d51a0e1 100644
--- a/framework/CHANGELOG.md
+++ b/framework/CHANGELOG.md
@@ -12,6 +12,7 @@ Yii Framework 2 Change Log
 - Bug #17960: Fix unsigned primary key type mapping for SQLite (bizley)
 - Enh #17758: `Query::withQuery()` can be used for CTE (sartor)
 - Bug #17974: Fix ActiveRelationTrait compatibility with PHP 7.4 (Ximich)
+- Enh #18006: Allow SameSite cookie pre PHP 7.3 (scottix)
 2.0.34 March 26, 2020
diff --git a/framework/web/Response.php b/framework/web/Response.php
index c9206d3..78e719f 100644
--- a/framework/web/Response.php
+++ b/framework/web/Response.php
@@ -411,8 +411,10 @@ class Response extends \yii\base\Response
 'sameSite' => !empty($cookie->sameSite) ? $cookie->sameSite : null,
 ]);
 } else {
+ // Work around for setting sameSite cookie prior PHP 7.3
+ // https://stackoverflow.com/questions/39750906/php-setcookie-samesite-strict/46971326#46971326
 if (!is_null($cookie->sameSite)) {
- throw new InvalidConfigException(get_class($cookie) . '::sameSite is not supported by PHP versions < 7.3.0 (set it to null in this environment)');
+ $cookie->path .= '; samesite=' . $cookie->sameSite;
 }
 setcookie($cookie->name, $value, $cookie->expire, $cookie->path, $cookie->domain, $cookie->secure, $cookie->httpOnly);
 }
diff --git a/framework/web/Session.php b/framework/web/Session.php
index 4c0c9e5..fcc8a3a 100644
--- a/framework/web/Session.php
+++ b/framework/web/Session.php
@@ -399,7 +399,7 @@ class Session extends Component implements \IteratorAggregate, \ArrayAccess, \Co
 session_set_cookie_params($data);
 } else {
 if (!empty($data['samesite'])) {
- throw new InvalidConfigException('samesite cookie is not supported by PHP versions < 7.3.0 (set it to null in this environment)');
+ $data['path'] .= '; samesite=' . $data['samesite'];
 }
 session_set_cookie_params($data['lifetime'], $data['path'], $data['domain'], $data['secure'], $data['httponly']);
 }
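Review bot: In the pre-7.3 branch of Response.php, `$cookie->sameSite` is appended to the path unchecked, so any string it holds is written verbatim into the Set-Cookie header, and `$cookie->path .= …` also permanently alters the cookie object. The guard is `!is_null(...)` here but `!empty(...)` in the 7.3 branch above, so an empty string produces a bare `; samesite=` attribute. I would accept only the known constants and build a local value: `$path = $cookie->path; if (in_array($cookie->sameSite, [Cookie::SAME_SITE_LAX, Cookie::SAME_SITE_STRICT], true)) { $path .= '; samesite=' . $cookie->sameSite; }`, then pass `$path` to `setcookie()`. The Session.php hunk appends `$data['samesite']` to `$data['path']` the same way and needs the same allow-list check. Both enclosing methods begin and end outside the hunks, so how these values are populated is not visible here.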
diff --git a/tests/framework/web/ResponseTest.php b/tests/framework/web/ResponseTest.php
index d52d3fb..50b1226 100644
--- a/tests/framework/web/ResponseTest.php
+++ b/tests/framework/web/ResponseTest.php
@@ -311,4 +311,21 @@ class ResponseTest extends \yiiunit\TestCase
 $this->assertSame("attachment; filename=\"test_test.txt\"; filename*=utf-8''test%7Ftest.txt", $response->headers['content-disposition']);
 }
+
+ public function testSameSiteCookie()
+ {
+ $response = new Response();
+ $response->cookies->add(new \yii\web\Cookie([
+ 'name' => 'test',
+ 'value' => 'testValue',
+ 'sameSite' => \yii\web\Cookie::SAME_SITE_STRICT,
+ ]));
+
+ ob_start();
+ $response->send();
+ $content = ob_get_clean();
+
+ // Only way to test is that it doesn't create any errors
+ $this->assertEquals('', $content);
+ }
 }
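Review bot: `testSameSiteCookie()` asserts only that `send()` prints nothing, so it would still pass if the `samesite` attribute were dropped or malformed, and on PHP 7.3 or later it never reaches the new legacy branch. The existing comment could state that limit explicitly, for example `// Smoke test only: verifies no warning/notice is output; the Set-Cookie header content is not checked here`. Where the xdebug extension is loaded, an additional case-insensitive assertion that `xdebug_get_headers()` contains `samesite=Strict` would pin the emitted header. The visible part of this commit adds no test for the matching Session.php change.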