Article Topic Learning Download Q&A Programming Dictionary Game Recent Updates

简体中文(ZH-CN) English(EN) 繁体中文(ZH-TW) 日本語(JA) 한국어(KO) Melayu(MS) Français(FR) Deutsch(DE)

Home > Backend Development > PHP Tutorial > body text

How to Implement the SameSite Attribute for PHP Cookies?

Patricia Arquette

Release： 2024-10-24 20:26:29

Original

180 people have browsed it

How to Implement the SameSite Attribute for PHP Cookies?

Same Site Attribute for PHP Cookies

RFC 6265 introduces the "Same Site" attribute for cookies, which enhances cookie security by restricting cross-site request forgery (CSRF) attacks.

PHP Support:

For PHP >= v7.3:

The setcookie() function supports the "Same Site" attribute via the $options array. The valid values are:

None
Lax
Strict

For PHP < v7.3:

Due to PHP core limitations, several workarounds are available:

Apache Configuration:

Add the following line to modify all cookies with the "Same Site" attribute:

Nginx Configuration:

Update the configuration to include:

Header Method:

You can explicitly set cookies using headers:

Exploiting a Bug:

Using an outdated setcookie() method leveraging a bug:

Note: This bug is resolved in PHP 7.3.

References:

[Chrome Status: Feature documentation](https://www.chromestatus.com/feature/5633521622188032)
[HTTPbis draft](https://tools.ietf.org/html/draft-west-first-party-cookies)
[HTTPbis latest draft](https://datatracker.ietf.org/doc/html/draft-ietf-httpbis-rfc6265bis)
[PHP Manual: setcookie()](https://php.net/manual/en/function.setcookie.php)

The above is the detailed content of How to Implement the SameSite Attribute for PHP Cookies?. For more information, please follow other related articles on the PHP Chinese website!

source：php.cn

Previous article：Here are a few title options, keeping the question format and focusing on the core problem: * **Twitter API Error Code 215: Why Am I Getting \"Bad Authentication Data\"?** * **How to Fix T Next article：How to Get the Local IP Address in PHP?

Statement of this Website

The content of this article is voluntarily contributed by netizens, and the copyright belongs to the original author. This site does not assume corresponding legal responsibility. If you find any content suspected of plagiarism or infringement, please contact admin@php.cn

Latest Articles by Author

Latest Issues

function_exists() cannot determine the custom function Function test () {return true;} if (function_exists ('test')) {echo "test is function...

From 2024-04-29 11:01:01

0

2

1665

How to display the mobile version of Google Chrome Hello teacher, how can I change Google Chrome into a mobile version?

From 2024-04-23 00:22:19

0

10

1817

The child window operates the parent window, but the output does not respond. The first two sentences are executable, but the last sentence cannot be implemented.

From 2024-04-19 15:37:47

0

1

1543

There is no output in the parent window document.onclick = function(){ window.opener.document.write('I am the output of the child ...

From 2024-04-18 23:52:34

0

1

1454

Where is the courseware about CSS mind mapping? Courseware

From 2024-04-16 10:10:18

0

0

1504

Related Topics

More>

Popular Recommendations

Popular Tutorials

More>

Related Tutorials

Popular Recommendations

Latest courses

Latest Downloads

More>

Web Effects

Website Source Code

Website Materials

Front End Template

About us Disclaimer Sitemap: php.cn：Public welfare online PHP training，Help PHP learners grow quickly！