Category: Others

What is samesite cookie in php

We all know most of the website using cookie for sharing information between browsers and the server,so cookie is storing in the local browsers,so their is a probability of misused by other domain which we are using in out html code.for example when am adding Instagram images in my blog tutorialshore.com,i have to use Instagram domain name in my html code to point Instagram images, the cookies in the browser that belong to these other sites will also be sent.Therefore those third parties Instagram can track your activity by using Cookie. Fortunately we have cookie attribute called samesite,by setting a cookie to samesite strict we can prevent third party misuse of cookies.samesite cookie attribute having two values Strict and Lax.AS the name says Strict completely prevent the cookie will not be sent along with requests initiated by third party websites.But in the case of Lax only get method cookie will be sent along with requests initiated by third party websites

Method

 we have a method to accomplish this,which can be done by one of the most common function header() in php


Add cookie Samesite strict by using header() function 

add below header() functions in the top of your home page

header("Set-Cookie: key=value; path=/; domain=www.tutorialshore.com; HttpOnly; Secure; SameSite=Strict");

See how we can check a cookie is samesite, we can do with the help of chrome browser as we know almost every browser have the inspect element option, within inspect element tab we have the application section to check cookie see below image.

Click F12 function button

go for application >> cookies

As we know Cookie is often used for identifying user data, when user opening a website, cookie stores information about the user in the browser, Each time the same system requests a page with in a same browser, it will send the cookie too.So when we are considering about the security it is a programmer duty to make it more secure when it exchanging between browser and server,nowadays it is easy to access other website cookie and get the flow of the website using that cookie information.So here am going explain you how to make a cookie secure and httponly in PHP .we have lot of method to accomplish this task,lets have a look on it.

Method 1

Make cookie secure using PHP.ini 

if you have the permission to access php.ini you can open and add below code at the end of php.ini to make your cookie secure and httponly

session.cookie_httponly=On
session.cookie_secure=On

Method 2

if you don't have the permission to access php.ini file,fortunately we have another method to accomplish this, which can be done by one of the most common function ini_set();


Make cookie secure using ini_set() function

add below ini_set() functions in the top of your home page

ini_set('session.cookie_httponly',1);
ini_set('session.use_only_cookies',1);
ini_set('session.cookie_secure', 1);

Method 3

if you don't have the permission to access php.ini file,fortunately we have another method to accomplish this,which can be done by one of the most common function header() in php


Make cookie secure using header() function

add below header() functions in the top of your home page

header("Set-Cookie: key=value; path=/; domain=www.tutorialshore.com; HttpOnly; Secure; SameSite=Strict");

See how we can check a cookie is secure and httponly, we can do with the help of chrome browser as we know almost every browser have the inspect element option, within inspect element tab we have the application section to check cookie see below image.
Click F12 function button go for application => cookies

To insert new key value pair inside a multidimensional associative array in PHP
Here am going to explain in details
We have a sample array we need to add Version4 and its value inside the array

$list_array = array( 
            0 => array (
               "Version1" => 2016,
               "Version2" => 2017,	
               "Version3" => 2018
            ),
            
            1 => array (
               "Version1" => 2016,
               "Version2" => 2017,	
               "Version3" => 2018
            )
         );

Here am using for each mange that

 foreach($list_array as $key=>$valuue)
	 {
	  $list[$key]=$listvalue;
	  $list[$key]['Version4']= 2019;
	 }
       print_r($list);

Result

 
array( 
            0 => array (
               "Version1" => 2016,
               "Version2" => 2017,	
               "Version3" => 2018,
               "Version4" => 2019
          
              
            ),
            
            1 => array (
               "Version1" => 2016,
               "Version2" => 2017,	
               "Version3" => 2018,
               "Version4" => 2019
            )
         );

Most of the user oriented website are slowly changing from email and password based login to OTP based login.so for a developer it is necessary to know how to create on OTP based login, here am going to share you Sample PHP code for sending OTP.

First you have to Register with any of the SMS Service providers ,here am using mysmsmantra.Here we are achieving with the help of CURL in PHP,this is the URL API from mysmsmantra for sedning OTP http://bulksms.mysmsmantra.com/WebSMS/SMSAPI.jsp?username=YOUR_USERNAME&password=YOUR_PASSWORD&sendername=rahaul&mobileno=*******&message=your OTP
where YOUR_USERNAME and YOUR_PASSWORD are respectively user name and password from mysmsmantra.

$otp=rand(100000, 999999);
$msg="Dear Customer, One Time Password for activating your account is :".$otp;
$message=urlencode($msg); 
$messageUrl="http://bulksms.mysmsmantra.com/WebSMS/SMSAPI.jsp?username=YOUR_USERNAME&password=YOUR_PASSWORD&sendername=rahaul&mobileno=*******&message=".$message; 
//YOUR_USERNAME and YOUR_PASSWORD are respectively from mysmsmantra
$ch = curl_init($messageUrl); 
$fp = fopen("message.txt", "w+"); 
curl_setopt($ch, CURLOPT_RETURNTRANSFER, 1); 
curl_setopt($ch, CURLOPT_FILE, $fp); 
curl_setopt($ch, CURLOPT_HEADER, 0); 
curl_exec($ch); curl_close($ch); 

fclose($fp);