如何告诉PHP对跨站点Cookie使用SameSite = None? [英] How to tell PHP to use SameSite=None for cross-site cookies?
问题描述
根据此处的文章 https://php.watch/articles/PHP-Samesite-cookies 和 https://www.php.net上的PHP文档./manual/en/session.security.ini.php ,此新功能只有2个可能的配置选项,已在PHP 7.3中添加:
According to the article here https://php.watch/articles/PHP-Samesite-cookies and PHP documenation at https://www.php.net/manual/en/session.security.ini.php, There are only 2 possible config options for this new feature, added in PHP 7.3:
- session.cookie_samesite =松懈
- session.cookie_samesite =严格
但是,根据Chrome控制台,需要将其设置为无":
Yet, according to the Chrome console, this needs to be set to "None":
设置了与URL上的跨站点资源关联的cookie,但未设置
SameSite
属性.它已被阻止,因为Chrome现在仅在跨站点请求中将Cookie设置为SameSite=None
和Secure
时才传递.您可以在Application> Storage> Cookies下的开发人员工具中查看Cookie,并在URL和URL上查看更多详细信息.
A cookie associated with a cross-site resource at URL was set without the
SameSite
attribute. It has been blocked, as Chrome now only delivers cookies with cross-site requests if they are set withSameSite=None
andSecure
. You can review cookies in developer tools under Application>Storage>Cookies and see more details at URL and URL.
因此,我无法再设置跨站点Cookie.解决方法是什么?
Because of this, I can no longer set cross-site cookies. What is the workaround?
推荐答案
You can set the value to "None" using ini_set
. There's no check that the value is supported when that function is used:
ini_set('session.cookie_samesite', 'None');
session_start();
session_set_cookie_params
也可以设置它:
session_set_cookie_params
can also set it:
session_set_cookie_params(['samesite' => 'None']);
session_start();
要在php.ini中支持的错误报告是此处
The bug report for this to be supported in php.ini is here.
这篇关于如何告诉PHP对跨站点Cookie使用SameSite = None?的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!