
**How to Set "SameSite=Strict" for Cookies in PHP?**

DDD (original)
2024-10-25 12:58:30


PHP setcookie "SameSite=Strict"?

HTTP's new "SameSite" attribute helps prevent Cross-Site Request Forgery (CSRF) attacks by restricting which requests can include cookies.

Current PHP Support for "SameSite"

PHP 7.3 and later support creating cookies with the "SameSite" attribute using the $options array:

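<code class="php">// $name and $value hold the cookie name and value
setcookie($name, $value, [
    'expires' => time() + 86400,   // one day from now
    'path' => '/',
    'domain' => 'domain.example',
    'secure' => true,
    'httponly' => true,
    'samesite' => 'Strict',        // one of 'None', 'Lax', 'Strict'
]);</code>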

For PHP versions below 7.3:

Apache Configuration:

<code class="apache"># $1 re-emits the original cookie before the attribute is appended
Header always edit Set-Cookie (.*) "$1; SameSite=Lax"</code>

Nginx Configuration:

<code class="nginx">location / {
    # set all cookies from the proxied upstream to secure, HttpOnly, and SameSite=Lax
    proxy_cookie_path / "/; secure; HttpOnly; SameSite=Lax";
}</code>

Header Method:

<code class="php">header("Set-Cookie: key=value; path=/; domain=example.org; HttpOnly; SameSite=Lax");</code>

Workaround that relies on a bug in setcookie, appending the attribute to the path argument (deprecated in PHP 7.3):

<code class="php">setcookie('cookie-name', '1', 0, '/; samesite=strict');</code>
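
As an added example (not code from the original article), the helper below chooses between the options array and the header() fallback by PHP version and validates the cookie fields first. The function names `build_cookie_header` and `set_samesite_cookie` are assumptions, and the code needs PHP 7.0 or later.

```php
<?php
// Added example: hypothetical helpers, not PHP built-ins. Requires PHP 7.0+.

function build_cookie_header(string $name, string $value, array $opt): string
{
    $sameSite = ucfirst(strtolower($opt['samesite'] ?? 'Strict'));
    if (!in_array($sameSite, ['Strict', 'Lax', 'None'], true)) {
        throw new InvalidArgumentException('samesite must be Strict, Lax or None');
    }
    // Current browsers reject SameSite=None cookies that are not marked Secure.
    if ($sameSite === 'None' && empty($opt['secure'])) {
        throw new InvalidArgumentException('SameSite=None requires secure => true');
    }
    // Refuse separators and control characters so no field can smuggle in
    // extra attributes (the path trick above) or a second header line.
    $fields = ['name' => $name, 'path' => $opt['path'] ?? '/', 'domain' => $opt['domain'] ?? ''];
    foreach ($fields as $label => $field) {
        $bad = $label === 'name' ? '/[\x00-\x20=,;\x7f]/' : '/[\x00-\x20,;\x7f]/';
        if (preg_match($bad, $field)) {
            throw new InvalidArgumentException("illegal character in cookie $label");
        }
    }
    $parts = [$name . '=' . rawurlencode($value)];
    if (!empty($opt['expires'])) {
        $parts[] = 'Expires=' . gmdate('D, d M Y H:i:s', $opt['expires']) . ' GMT';
    }
    $parts[] = 'Path=' . $fields['path'];
    if ($fields['domain'] !== '') {
        $parts[] = 'Domain=' . $fields['domain'];
    }
    foreach (['secure' => 'Secure', 'httponly' => 'HttpOnly'] as $key => $attr) {
        if (!empty($opt[$key])) {
            $parts[] = $attr;
        }
    }
    $parts[] = 'SameSite=' . $sameSite;
    return 'Set-Cookie: ' . implode('; ', $parts);
}

function set_samesite_cookie(string $name, string $value, array $opt = []): bool
{
    $opt += ['samesite' => 'Strict', 'path' => '/'];
    $header = build_cookie_header($name, $value, $opt); // validates on every version
    if (PHP_VERSION_ID >= 70300) {
        return setcookie($name, $value, $opt);          // native options array
    }
    header($header, false); // false: append, keep other Set-Cookie headers
    return true;
}
```

Call it before any output is sent, for example `set_samesite_cookie('prefs', 'dark', ['secure' => true, 'httponly' => true]);`, which defaults to SameSite=Strict.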
