PHP setcookie "SameSite=Strict"?
The "SameSite" cookie attribute helps prevent Cross-Site Request Forgery (CSRF) attacks by restricting which cross-site requests can carry the cookie.
Current PHP Support for "SameSite"
PHP 7.3 and later support creating cookies with the "SameSite" attribute using the $options array:
<code class="php">setcookie($name, $value, [
    'expires' => time() + 86400,
    'path' => '/',
    'domain' => 'domain.example',
    'secure' => true,
    'httponly' => true,
    // one of 'Strict', 'Lax' or 'None'; 'None' requires 'secure' => true
    'samesite' => 'None',
]);</code>
For PHP versions below 7.3:
Apache Configuration:
<code class="apache">Header always edit Set-Cookie (.*) "$1; SameSite=Lax"</code>
Nginx Configuration:
<code class="nginx">location / {
    # set all cookies to secure, HttpOnly, and SameSite=Lax
    proxy_cookie_path / "/; secure; HttpOnly; SameSite=Lax";
}</code>
Header Method:
<code class="php">header("Set-Cookie: key=value; path=/; domain=example.org; HttpOnly; SameSite=Lax");</code>
Workaround relying on a bug in setcookie()'s path parameter (deprecated in PHP 7.3):
<code class="php">setcookie('cookie-name', '1', 0, '/; samesite=strict');</code>
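The following is an added example, not code from the original article: one wrapper that uses the $options array on PHP 7.3+ and falls back to the header method on older versions, while validating the SameSite value and rejecting the `;` characters that the path-parameter trick above depends on. The function names are hypothetical, the default of 'Lax' when no value is given is an assumption, and the code assumes PHP 7.0 or later.

```php
<?php
// Added example, not from the original article. Function names are hypothetical.

function build_set_cookie_header(string $name, string $value, array $opt): string
{
    $sameSite = ucfirst(strtolower($opt['samesite'] ?? 'Lax'));
    if (!in_array($sameSite, ['Strict', 'Lax', 'None'], true)) {
        throw new InvalidArgumentException('samesite must be Strict, Lax or None');
    }
    // Browsers reject SameSite=None cookies that are not also Secure.
    if ($sameSite === 'None' && empty($opt['secure'])) {
        throw new InvalidArgumentException('SameSite=None requires secure => true');
    }
    // Refuse separators so no field can carry extra attributes (the path trick).
    foreach ([$name, $opt['path'] ?? '/', $opt['domain'] ?? ''] as $field) {
        if (preg_match('/[;,\s]/', $field)) {
            throw new InvalidArgumentException('illegal character in cookie field');
        }
    }
    $parts = [$name . '=' . rawurlencode($value)];
    if (!empty($opt['expires'])) {
        $parts[] = 'Expires=' . gmdate('D, d M Y H:i:s', $opt['expires']) . ' GMT';
    }
    $parts[] = 'Path=' . ($opt['path'] ?? '/');
    if (!empty($opt['domain']))   { $parts[] = 'Domain=' . $opt['domain']; }
    if (!empty($opt['secure']))   { $parts[] = 'Secure'; }
    if (!empty($opt['httponly'])) { $parts[] = 'HttpOnly'; }
    $parts[] = 'SameSite=' . $sameSite;
    return 'Set-Cookie: ' . implode('; ', $parts);
}

function set_samesite_cookie(string $name, string $value, array $opt)
{
    $header = build_set_cookie_header($name, $value, $opt); // validates, may throw
    if (PHP_VERSION_ID >= 70300) {
        // Native support: hand the normalized options array to setcookie().
        $opt['samesite'] = ucfirst(strtolower($opt['samesite'] ?? 'Lax'));
        return setcookie($name, $value, $opt);
    }
    // Older PHP: send the header directly; false keeps other Set-Cookie headers.
    header($header, false);
    return true;
}

// Constructed sample values; prints the header so it can be checked from the CLI.
echo build_set_cookie_header('session', 'abc 123', [
    'expires' => time() + 86400, 'path' => '/', 'domain' => 'domain.example',
    'secure' => true, 'httponly' => true, 'samesite' => 'strict',
]), PHP_EOL;
```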