PHP SameSite session problem, session doesn't work

醉梦人生 2021-02-15 18:34

I hope somebody can give me some ideas for my problem. I am trying to apply a SameSite cookie to make the session work, but it seems it doesn't work. The visited site html:



        
6 Answers
  • 2021-02-15 18:44

    I wrote a class for this.

    https://github.com/ovunctukenmez/SameSiteSessionStarter

    It also checks if the browser supports samesite parameter properly.

    Instead of session_start();
    Use it like this:

    <?php
    require_once 'SameSiteSessionStarter.php';
    
    //start samesite none php session
    SameSiteSessionStarter::session_start();
    
  • 2021-02-15 18:50

    I resolved it by editing .htaccess

    <ifmodule mod_headers.c>
    Header always edit Set-Cookie ^(.*)$ $1;SameSite=None;Secure
    </ifmodule> 
    
  • 2021-02-15 18:51

    I temporarily resolved my problem using htaccess:

    Header edit Set-Cookie ^(.*)$ $1;SameSite=None;Secure
    
  • 2021-02-15 18:53

    I found that this worked for me - setting SameSite as "None" - and some more info on what that means here.

    Apparently, browsers no longer allow you to set whatever you want in an iframe, I was trying to handle a session in an iframe, loaded on a different domain and while doing that, I noticed that a different session was being created for the OTHER domain instead of what I was loading in the iframe. This seems to have fixed it. I am still testing but it's the first thing that worked since I started looking for a fix this morning.

  • 2021-02-15 19:00

    Set session & cookie params.
    PHP: https://www.php.net/manual/en/function.session-set-cookie-params.php
    Browser: https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Set-Cookie/SameSite

    <?php
    // Set all session cookie attributes in one call (the array form needs PHP 7.3+).
    session_set_cookie_params([
        "samesite" => "Strict", // None, Lax or Strict
        "secure"   => true,     // boolean: the string "false" would also count as true
        "httponly" => true,     // boolean
    ]);
    session_start(); // everything before this
    

    OR php.ini:

    [Session]
    session.cookie_samesite = "Strict"
    session.cookie_secure = 1
    session.cookie_httponly = 1
    
  • 2021-02-15 19:02

    I resolved it by:

    <?php
    
    session_start();
    // Send the session cookie again with SameSite=None; Secure (no space after "PHPSESSID=").
    header('Set-Cookie: PHPSESSID=' . session_id() . '; SameSite=None; Secure');
    
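The answers above change the session cookie in three different places (php.ini or `session_set_cookie_params()`, a hand-written `Set-Cookie` header, and a blanket `.htaccess` rewrite), so it helps to check what actually reaches the browser. The following is an added example, not code from any of the answers: `audit_set_cookie()` is a hypothetical helper and the sample headers are constructed.

```php
<?php
// Added example: audit a Set-Cookie header for the SameSite issues discussed on this page.
// audit_set_cookie() is a hypothetical helper name; the sample headers below are constructed.
function audit_set_cookie(string $header): array
{
    // Drop the header name if present, then split into "name=value" and attributes.
    $value = preg_replace('/^Set-Cookie:\s*/i', '', trim($header));
    $parts = array_map('trim', explode(';', $value));
    $name  = explode('=', array_shift($parts), 2)[0];

    $sameSite = [];
    $secure = $httpOnly = false;
    foreach ($parts as $attr) {
        [$key, $val] = array_pad(explode('=', $attr, 2), 2, '');
        switch (strtolower(trim($key))) {
            case 'samesite': $sameSite[] = strtolower(trim($val)); break;
            case 'secure':   $secure = true; break;
            case 'httponly': $httpOnly = true; break;
        }
    }

    $findings = [];
    if ($sameSite === []) {
        $findings[] = 'no SameSite attribute: browsers that default to Lax will not send it in a cross-site iframe';
    }
    if (count(array_unique($sameSite)) > 1) {
        $findings[] = 'conflicting SameSite values: ' . implode(', ', $sameSite);
    }
    if (in_array('none', $sameSite, true) && !$secure) {
        $findings[] = 'SameSite=None without Secure: browsers that enforce the pairing reject the cookie';
    }
    if (!$httpOnly) {
        $findings[] = 'HttpOnly missing: cookie is readable from JavaScript';
    }
    return ['cookie' => $name, 'findings' => $findings];
}

// Constructed samples: (1) the hand-written header from the last answer, (2) a Strict
// session cookie after the blanket .htaccess rewrite, (3) a cookie with no attributes.
$samples = [
    'Set-Cookie: PHPSESSID=abc123; SameSite=None; Secure',
    'Set-Cookie: PHPSESSID=abc123; path=/; secure; HttpOnly; SameSite=Strict;SameSite=None;Secure',
    'Set-Cookie: PHPSESSID=abc123; path=/',
];
foreach ($samples as $h) {
    print_r(audit_set_cookie($h));
}
```

In a live application the same function can be run over the `Set-Cookie` entries returned by `headers_list()` after `session_start()`. Headers added or edited by Apache's `mod_headers` are not visible to PHP, so those have to be checked on the response itself.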