Home > Back-end >  PHP setcookie function including samesite parameter does not work
PHP setcookie function including samesite parameter does not work

Time:10-31

Please don't down vote or close this question until you've read my question, i've tried pretty much everything I can find online, so maybe its a simple mistake I am not seeing.

I have a fully working setcookie() php function running using these params...

<?php

setcookie(
  '_siteauth', 
  Crypt::encrypt(site()->password),
  time()   86400,
  '/',
);

?>

The code above sets a cookie everytime with no issues!

But as soon as I attempt to use samesite option the cookie never sets... which is a problem.

I am not running this in a iFrame. I am testing this locally using dockers wordpress image, which I cant see being a problem.

At first after all the online reading, I thought it might be a PHP version conflict, but it failed to work in either tests pre/post PHP version 7.3.0.

After reading https://www.php.net/manual/en/function.setcookie.php

...it says options can be set as associative array including expires, path, domain, secure, httponly and samesite, but everytime I try this php setcookie method it does not set.

This is my locally dumped $_SERVER['HTTP_HOST'] result...

demo.local.mydomain.com

Here are all my local tested code attempts, using $_SERVER['HTTP_HOST'] for domain...

<?php

setcookie(
    '_siteauth',
    Crypt::encrypt(site()->password), 
    [
        'expires' => time()   86400,
        'path' => '/',
        'domain' => $_SERVER['HTTP_HOST'],
        'samesite' => 'None',
        'secure' => false,
        'httponly' => false
    ]
);

?>

<?php

setcookie(
    '_siteauth',
    Crypt::encrypt(site()->password),
    time()   86400,
    '/; SameSite=none'
);

?>

<?php

setcookie(
    '_siteauth',
    Crypt::encrypt(site()->password),
    [
        'expires' => time()   86400,
        'path' => '/',
        'domain' => $_SERVER['HTTP_HOST'],
        'secure' => false,
        'httponly' => false,
        'samesite' => 'None'
    ]
);

?>

And none of these code examples save the _siteauth cookie when executed.

I've tried every variation of php version setcookie() including the samesite key and value but no cookie is saved.

The reason I am changing my previous setcookie() script is because there was a change early in 2020 in chrome with iframe cookie policies, defaulting to samesite Lax. So I need to force samesite None when setting my cookie.

https://web.dev/samesite-cookies-explained/
https://web.dev/samesite-cookie-recipes/

If anyone can see where I'm going wrong, help would be amazing. Thanks.

CodePudding user response:

When you set a cookie with SameSite=None it'll be blocked (by the browser) unless it also has Secure, which is omitted/set to false in the code snippets.

setcookie(
    '_siteauth',
    Crypt::encrypt(site()->password), 
    [
        'expires' => time()   86400,
        'path' => '/',
        'domain' => $_SERVER['HTTP_HOST'],
        'samesite' => 'None',
        'secure' => true,
    ]
);

Page link:https//www.codepudding.com/Backend/173899.html

Prev:Laravel: Optional Date filter not working when receiving string from JS frontend
Next:Laravel/PHP: Conditional Date Filter
  • Related

About Us:  Contact Us      Terms of Service       Privacy Policy

Copyright © 2010-2023,Powered By CodePudding