PHP setcookie "SameSite=Strict"?
HTTP's new "SameSite" attribute helps prevent Cross-Site Request Forgery (CSRF) attacks by restricting which requests can include cookies.
Current PHP Support for "SameSite"
PHP 7.3 and later support creating cookies with the "SameSite" attribute using the $options array:
<code class="php">setcookie($name, $value, [
'expires' => time() + 86400,
'path' => '/',
'domain' => 'domain.example',
'secure' => true,
'httponly' => true,
'samesite' => 'None',
]);</code>For PHP versions below 7.3:
Apache Configuration:
<code class="apache">Header always edit Set-Cookie (.*) "; SameSite=Lax"</code>
Nginx Configuration:
<code class="nginx">location / {
# set all cookies to secure, HttpOnly, and SameSite=Lax
proxy_cookie_path / "/; secure; HttpOnly; SameSite=Lax";
}</code>Header Method:
<code class="php">header("Set-Cookie: key=value; path=/; domain=example.org; HttpOnly; SameSite=Lax");</code>Bug in setcookie Method (deprecated in PHP 7.3):
<code class="php">setcookie('cookie-name', '1', 0, '/; samesite=strict');</code>The above is the detailed content of **How to Set 'SameSite=Strict' for Cookies in PHP?**. For more information, please follow other related articles on the PHP Chinese website!
![[Web front-end] Node.js quick start](https://img.php.cn/upload/course/000/000/067/662b5d34ba7c0227.png)
