Tag Archives: Chrome same-site cookie

[PHP] Solve the problem that the new version of Chrome’s same-site policy cannot record cookies across domains

In Chrome 80 and above, the same-site policy will be enabled by default

Samesite has the following values

Lax: cookies are sent only with requests from the same origin or the same top-level domain (equivalent to same-site)
Strict: cookies are sent only with requests from the same origin (equivalent to same-origin)
None: no SameSite restriction on the cookie; it is also sent with cross-site requests

Solve cross-domain issues:

If you need to send cookies across domains, use the None value to select no SameSite restriction. SameSite=None must be used together with the Secure attribute.
Tip: None is a newly standardized value. Some older browsers do not recognize it, which can cause problems.

To set the cookie from PHP, do not use the setcookie() function; build the Set-Cookie header directly with header():

The response must be sent over HTTPS, and the spliced string must follow the Set-Cookie text format. For example, the following sets a cookie with a specified expiration time on the .sina.net domain:
header("Set-Cookie: key=value; Expires=<expiration time>; path=/; domain=.sina.net; SameSite=None; Secure");

// Assumed for this snippet: cookie lifetime in seconds and the session id to store.
define('SID_COOKIE_EXPIRE', 86400);
$mailSid = 'constructed-session-id';

// Chrome 80 and above enforce SameSite=Lax by default, so compare the major version
// instead of matching the substring "Chrome/8", which misses Chrome 90+.
if (preg_match('/Chrome\/(\d+)/', $_SERVER['HTTP_USER_AGENT'] ?? '', $m) && (int)$m[1] >= 80) {
    // Expires must be an HTTP-date in GMT, e.g. "Wed, 21 Oct 2015 07:28:00 GMT".
    $expireTime = gmdate('D, d M Y H:i:s', time() + SID_COOKIE_EXPIRE) . ' GMT';
    // header() replaces an earlier Set-Cookie header by default; pass false as the second argument when setting several cookies.
    header('Set-Cookie: SID=' . $mailSid . '; expires=' . $expireTime . '; path=/; domain=.sina.net; SameSite=None; Secure');
}
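As an added example (not the post's own code), the following helper builds the Set-Cookie header the post describes, rejects names and values that would break the header format or inject extra attributes, and only emits the cookie over HTTPS; the SID value, the 86400-second lifetime and the example.com domain are constructed, and the duplicate cookie without a SameSite attribute is a common workaround for the old clients the post mentions, not something the post prescribes.

```php
<?php
// Builds "Set-Cookie: name=value; Expires=...; Path=/; Domain=...; SameSite=None; Secure".
function build_set_cookie_header(string $name, string $value, int $expireTs, string $domain): string
{
    // Cookie names/values must not contain separators, quotes or control characters;
    // otherwise a caller-supplied value could add attributes or a CR/LF header split.
    if (preg_match('/[\s;,=()<>@:\\\\"\/\[\]?{}\x00-\x1F\x7F]/', $name)
        || preg_match('/[\s;,"\\\\\x00-\x1F\x7F]/', $value)) {
        throw new InvalidArgumentException('invalid characters in cookie name or value');
    }
    // Expires must be an HTTP-date in GMT, e.g. "Wed, 21 Oct 2015 07:28:00 GMT".
    $expires = gmdate('D, d M Y H:i:s', $expireTs) . ' GMT';
    return "Set-Cookie: {$name}={$value}; Expires={$expires}; Path=/; Domain={$domain}; SameSite=None; Secure";
}

// SameSite=None is only honoured together with Secure, so the cookie must be set over HTTPS.
function is_https_request(): bool
{
    return !empty($_SERVER['HTTPS']) && $_SERVER['HTTPS'] !== 'off';
}

// Usage with constructed values; $sid stands in for the real session id.
$sid = 'constructed-session-id';
if (is_https_request()) {
    // Second argument false keeps any Set-Cookie header emitted earlier in this response.
    header(build_set_cookie_header('SID', $sid, time() + 86400, '.example.com'), false);
    // Duplicate cookie without SameSite for older clients that misparse SameSite=None.
    header("Set-Cookie: SID_legacy={$sid}; Path=/; Domain=.example.com; Secure", false);
}
```

On PHP 7.3 and later, setcookie() also accepts an options array with a 'samesite' key, which avoids hand-splicing the header entirely.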