I currently have a PHP script that sets the sametime cookie as follows:
session_set_cookie_params($cookie_timeout, $cookieParams["path"], $cookie_domain, $session_secure, $cookie_httponly);
I want to add samesite="Lax" to the above statement by adding an extra parameter where ($cookie_samesite="Lax")
session_set_cookie_params($cookie_timeout, $cookieParams["path"], $cookie_domain, $session_secure, $cookie_httponly, $cookie_samesite);
The new output of the statement would look like
1800, /, ".vasports.com.au", 1, 1, "Lax"
Is this the correct format for the samesite parameter?
NOTE: I do not have PHP 7.3 installed yet, hence I can't test this properly. I've referred to the PHP doco for "session_set_cookie_params". I have also checked
PHP setcookie "SameSite=Strict"?
To prepare, Android allows native apps to set cookies directly through the CookieManager API. You must declare first party cookies as SameSite=Lax or SameSite=Strict, as appropriate. You must declare third party cookies as SameSite=None; Secure.
PHP example for SameSite=None; Secure
// Set a same-site cookie for first-party contexts
setcookie('cookie1', 'value1', ['samesite' => 'Lax']);
// Set a cross-site cookie for third-party contexts
setcookie('cookie2', 'value2', ['samesite' => 'None', 'secure' => true]);
Each time the same computer requests a page with a browser, it will send the cookie too. With PHP, you can both create and retrieve cookie values.
Adapted from SilverShadow's answer, but fixing the syntax for PHP < 7.3, since session_set_cookie_params() can't take an array as a single parameter until precisely 7.3; instead, each parameter needs to be set. It also autodetects the PHP version for the correct option, so you can use it even if you later upgrade to 7.3:
// set as your own needs:
$maxlifetime = 0;
$path = '/';
$domain = '';
$secure = false;
$httponly = false;
$samesite = 'lax'; // here is what we need
if (PHP_VERSION_ID < 70300) {
    session_set_cookie_params($maxlifetime, $path.'; samesite='.$samesite, $domain, $secure, $httponly);
} else {
    // note I use `array()` instead of `[]` to allow support of php <5.4
    session_set_cookie_params(array(
        'lifetime' => $maxlifetime,
        'path' => $path,
        'domain' => $domain,
        'secure' => $secure,
        'httponly' => $httponly,
        'samesite' => $samesite
    ));
}
After some further research ...
$cookieParams = session_get_cookie_params();
$cookieParams['samesite'] = "Lax";
session_set_cookie_params($cookieParams);
Check your 'set-cookie:' header and you should now see the text 'SameSite=Lax' at the end like this.
set-cookie: ssid=b930bc608a911781f459a4f46b2c513d; expires=Wed, 16-Oct-2019 10:48:49 GMT; Max-Age=1800; path=/; secure; HttpOnly; SameSite=Lax
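An added example, not taken from any of the answers above: the version-detecting approach wrapped in a helper that also allow-lists the SameSite value, because on PHP < 7.3 the value is concatenated into the cookie path and therefore lands in the Set-Cookie header as written. The function name `configure_session_cookie` and the domain `.example.com` are assumptions made for illustration.

```php
<?php
// Added example: helper name and sample values are assumptions, not from the page.
// Call before session_start() and before any output is sent.
function configure_session_cookie($lifetime, $path, $domain, $secure, $httponly, $samesite)
{
    // Normalise and allow-list the attribute. On PHP < 7.3 it is appended to
    // the path string, so an unchecked value would go into the header as-is.
    $samesite = ucfirst(strtolower($samesite));
    if (!in_array($samesite, array('Lax', 'Strict', 'None'), true)) {
        throw new InvalidArgumentException('samesite must be Lax, Strict or None');
    }
    // Cross-site cookies have to be declared as "SameSite=None; Secure".
    if ($samesite === 'None' && !$secure) {
        throw new InvalidArgumentException('SameSite=None requires the Secure flag');
    }
    // The path is also written into the header, so reject attribute separators.
    if (strpbrk($path, ";\r\n") !== false) {
        throw new InvalidArgumentException('path must not contain ";" or line breaks');
    }

    if (PHP_VERSION_ID < 70300) {
        // Legacy signature: piggyback the attribute on the path argument.
        session_set_cookie_params($lifetime, $path . '; samesite=' . $samesite,
                                  $domain, $secure, $httponly);
    } else {
        // PHP 7.3+: options array with a native 'samesite' key.
        session_set_cookie_params(array(
            'lifetime' => $lifetime,
            'path'     => $path,
            'domain'   => $domain,
            'secure'   => $secure,
            'httponly' => $httponly,
            'samesite' => $samesite,
        ));
    }
    // Return what PHP will actually use when it emits the session cookie.
    return session_get_cookie_params();
}

// Constructed sample values, modelled on the question (1800 s, "/", Secure, HttpOnly, Lax).
$params = configure_session_cookie(1800, '/', '.example.com', true, true, 'lax');
// PHP 7.3+ reports a 'samesite' key; older versions show it inside 'path'.
$effective = isset($params['samesite']) ? $params['samesite'] : $params['path'];
echo 'session cookie SameSite setting: ', $effective, PHP_EOL;
```

After session_start() runs in a web request, the Set-Cookie response header should end with the same attribute, as in the header shown above.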