如何告诉PHP对跨站点Cookie使用SameSite = None? [英] How to tell PHP to use SameSite=None for cross-site cookies?

问题描述

根据此处的文章 https://php.watch/articles/PHP-Samesite-cookies 和 https://www.php.net上的PHP文档./manual/en/session.security.ini.php ，此新功能只有2个可能的配置选项，已在PHP 7.3中添加:

According to the article here https://php.watch/articles/PHP-Samesite-cookies and PHP documenation at https://www.php.net/manual/en/session.security.ini.php, There are only 2 possible config options for this new feature, added in PHP 7.3:

1. session.cookie_samesite =松懈
2. session.cookie_samesite =严格

但是，根据Chrome控制台，需要将其设置为无":

Yet, according to the Chrome console, this needs to be set to "None":

设置了与URL上的跨站点资源关联的cookie，但未设置SameSite属性.它已被阻止，因为Chrome现在仅在跨站点请求中将Cookie设置为SameSite=None和Secure时才传递.您可以在Application> Storage> Cookies下的开发人员工具中查看Cookie，并在URL和URL上查看更多详细信息.

A cookie associated with a cross-site resource at URL was set without the SameSite attribute. It has been blocked, as Chrome now only delivers cookies with cross-site requests if they are set with SameSite=None and Secure. You can review cookies in developer tools under Application>Storage>Cookies and see more details at URL and URL.

因此，我无法再设置跨站点Cookie.解决方法是什么?

Because of this, I can no longer set cross-site cookies. What is the workaround?

推荐答案

您可以使用

You can set the value to "None" using ini_set. There's no check that the value is supported when that function is used:

ini_set('session.cookie_samesite', 'None');
session_start();

session_set_cookie_params 也可以设置它:

session_set_cookie_params can also set it:

session_set_cookie_params(['samesite' => 'None']);
session_start();

要在php.ini中支持的错误报告是此处

The bug report for this to be supported in php.ini is here.

这篇关于如何告诉PHP对跨站点Cookie使用SameSite = None?的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！