PHP sets samesite cookies to effectively prevent CSRF

PHP sets samesite cookies, which support all PHP versions.

The setcookie function in PHP 7.3 already supports the samesite attribute, but for versions below 7.3, you can use the following function instead:

<?php
$options = [
    'expires' => time()+18400,
    'domain' => 'localhost',
    'httponly' => false,
    'samesite' => 'Lax',
    'secure' => false,
    'path' => '/'
  ];

function samesite_setcookie($name, $value, array $options)
{
    $header = 'Set-Cookie:';
    $header .= rawurlencode($name) . '=' . rawurlencode($value) . ';';
    if (isset($options['expires'])) {
        $header .= 'expires=' . \gmdate('D, d-M-Y H:i:s T', $options['expires']) . ';';
    }
    if (isset($options['expires'])) {
        $header .= 'Max-Age=' . max(0, (int) ($options['expires'] - time())) . ';';
    }
    if (!empty($options['path'])) {
        $header .= 'path=' . $options['path']. ';';
    }
    if (!empty($options['domain'])) {
        $header .= 'domain=' . rawurlencode($options['domain']) . ';';
    }
    if (!empty($options['secure'])) {
        $header .= 'Secure;';
    }
    if (!empty($options['httponly'])) {
        $header .= 'HttpOnly;';
    }
    if (!empty($options['samesite'])) {
        $header .= 'SameSite=' . rawurlencode($options['samesite']);
    }
    header($header, false);
    $_COOKIE[$name] = $value;
}

samesite_setcookie('hahaha', 'tttttt', $options);
Post Views: 0

Posted

in

by

admin

Tags:

,

AI AJAX API AWS cache callback ChatGPT CORS cron crontab Design pattern docker encryption event express ffmpeg flutter git go hls HTTPS icon JAVA javascript JS jsonp m3u8 Mongodb mysql Nginx nodejs OAuth OpenAi PHP Python React SSL swoole URL video VUE WCGI WebAssembly website WordPress

Comments

Leave a Reply

Your email address will not be published. Required fields are marked *