How to Set a cookie attribute Samesite value in PHP ?

What is samesite cookie in php

We all know most of the website using cookie for sharing information between browsers and the server,so cookie is storing in the local browsers,so their is a probability of misused by other domain which we are using in out html code.for example when am adding Instagram images in my blog tutorialshore.com,i have to use Instagram domain name in my html code to point Instagram images, the cookies in the browser that belong to these other sites will also be sent.Therefore those third parties Instagram can track your activity by using Cookie. Fortunately we have cookie attribute called samesite,by setting a cookie to samesite strict we can prevent third party misuse of cookies.samesite cookie attribute having two values Strict and Lax.AS the name says Strict completely prevent the cookie will not be sent along with requests initiated by third party websites.But in the case of Lax only get method cookie will be sent along with requests initiated by third party websites

Method

 we have a method to accomplish this,which can be done by one of the most common function header() in php


Add cookie Samesite strict by using header() function 

add below header() functions in the top of your home page

header("Set-Cookie: key=value; path=/; domain=www.tutorialshore.com; HttpOnly; Secure; SameSite=Strict");

See how we can check a cookie is samesite, we can do with the help of chrome browser as we know almost every browser have the inspect element option, within inspect element tab we have the application section to check cookie see below image.

Click F12 function button

go for application >> cookies


set a cookie samesite value in PHP

See All answers

  1. If I set this method on my project then I am unable to connect with my affiliate system.
    header(“Set-Cookie: key=value; path=/; domain=www.tutorialshore.com; HttpOnly; Secure; SameSite=Strict”);
    Please give me any solution.

  2. hi. how to Set a cross-site cookie for third-party contexts
    for eg.. sd.secondsite.com
    Cookies will be kept on on Firstsite.com?

    1. Instead of https://www.tutorialshore.com
      header(“Set-Cookie: key=value; path=/; domain=www.tutorialshore.com; HttpOnly; Secure; SameSite=Strict”);

      Can we add sub.secondsite.com and set the attribute to none and strict on the firstname.com.
      One of my chat script is not working, as it set as none.

      Please guide.

Leave a Reply to pooja Cancel reply

Your email address will not be published. Required fields are marked *

Our Tool : hike percentage calculator