PHP setting a Session-Cookie with samesite

I currently have a PHP script that sets the sametime cookie as follows:

    session_set_cookie_params($cookie_timeout, $cookieParams["path"], $cookie_domain, $session_secure, $cookie_httponly);

I want to add samesite="Lax" to the above statement by adding an extra parameter where ($cookie_samesite="Lax")

    session_set_cookie_params($cookie_timeout, $cookieParams["path"], $cookie_domain, $session_secure, $cookie_httponly, $cookie_samesite);

The new output of the statement would look like

1800, /, ".vasports.com.au", 1, 1, "Lax"

Is this the correct format for the samesite parameter?

NOTE: I do not have a PHP7.3 installed yet. Hence I can't test this properly. And I've referred to PHP doco for "session_set_cookie_params". I have also checked

PHP setcookie "SameSite=Strict"?

How do I set SameSite cookies?

To prepare, Android allows native apps to set cookies directly through the CookieManager API. You must declare first party cookies as SameSite=Lax or SameSite=Strict , as appropriate. You must declare third party cookies as SameSite=None; Secure .

How do you set the SameSite attribute of cookies to LAX strict in PHP?

PHP example for SameSite=None; Secure // Set a same-site cookie for first-party contexts setcookie('cookie1', 'value1', ['samesite' => 'Lax']); // Set a cross-site cookie for third-party contexts setcookie('cookie2', 'value2', ['samesite' => 'None', 'secure' => true]);

Can PHP session work with browser cookies?

Each time the same computer requests a page with a browser, it will send the cookie too. With PHP, you can both create and retrieve cookie values.

Adapted from SilverShadow answer, but fixing the syntax for php <7.3, since session_set_cookie_params() can't take an array as single parameter until preciselly 7.3, instead each parameter needs to be set. and autodetecting php version for the correct option so you can use it even if you later upgrade to 7.3:

// set as your own needs:
$maxlifetime = 0;
$path = '/';
$domain = '';
$secure = false;
$httponly = false;
$samesite = 'lax'; // here is what we need

if(PHP_VERSION_ID < 70300) {
    session_set_cookie_params($maxlifetime, $path.'; samesite='.$samesite, $domain, $secure, $httponly);
} else {
    // note I use `array()` instead of `[]` to allow support of php <5.4
    session_set_cookie_params(array(
        'lifetime' => $maxlifetime,
        'path' => $path,
        'domain' => $domain,
        'secure' => $secure,
        'httponly' => $httponly,
        'samesite' => $samesite
    ));
}

After some further research ...

Get current parameters first.
Then change the parameters as required, in this case [samesite]="Lax".
Set the cookie.

    $cookieParams = session_get_cookie_params();
    $cookieParams[samesite] = "Lax";
    session_set_cookie_params($cookieParams);

Check your 'set-cookie:' header and you should now see the text 'SameSite=Lax' at the end like this.

    set-cookie: ssid=b930bc608a911781f459a4f46b2c513d; expires=Wed, 16-Oct-2019 10:48:49 GMT; Max-Age=1800; path=/; secure; HttpOnly; SameSite=Lax

PHP setting a Session-Cookie with samesite

Tags:

php

cookies

user3526609

People also ask

2 Answers

DiegoDD

user3526609

Recent Activity

Donate For Us

PHP setting a Session-Cookie with samesite

Tags:

php

cookies

user3526609

People also ask

2 Answers

DiegoDD

user3526609

Related questions

Recent Activity

Donate For Us