As of PHP 7.3.0 the
setcookie() method
supports the SameSite attribute in its options and will accept None as a
valid value.
setcookie('same-site-cookie', 'foo', ['samesite' => 'Lax']);
setcookie('cross-site-cookie', 'bar', ['samesite' => 'None', 'secure' => true]);For earlier versions of PHP, you can also set the
header() directly:
header('Set-Cookie: same-site-cookie=foo; SameSite=Lax', false);
header('Set-Cookie: cross-site-cookie=bar; SameSite=None; Secure', false);For Session Cookie , you can set into session_set_cookie_params method.
PHP 7.3.0 introduced new attributes for samesite.
if (PHP_VERSION_ID >= 70300) {
session_set_cookie_params([
'lifetime' => $cookie_timeout,
'path' => '/',
'domain' => $cookie_domain,
'secure' => $session_secure,
'httponly' => $cookie_httponly,
'samesite' => 'Lax'
]);
} else {
session_set_cookie_params(
$cookie_timeout,
'/; samesite=Lax',
$cookie_domain,
$session_secure,
$cookie_httponly
);
}