I hope anybody can give me some ideas for my problem. I am trying to apply a SameSite cookie to make the session work, but it seems it doesn't work. The visited site HTML:
I wrote a class for this.
https://github.com/ovunctukenmez/SameSiteSessionStarter
It also checks if the browser supports samesite parameter properly.
Instead of session_start();
Use it like this:
<?php
require_once 'SameSiteSessionStarter.php';
//start samesite none php session
SameSiteSessionStarter::session_start();
I resolved it by editing .htaccess
<ifmodule mod_headers.c>
Header always edit Set-Cookie ^(.*)$ $1;SameSite=None;Secure
</ifmodule>
I temporarily resolved my problem using .htaccess:
Header edit Set-Cookie ^(.*)$ $1;SameSite=None;Secure
I found that this worked for me - setting SameSite as "None" - and some more info on what that means here.
Apparently, browsers no longer allow you to set whatever you want in an iframe. I was trying to handle a session in an iframe loaded on a different domain, and while doing that I noticed that a different session was being created for the OTHER domain instead of the one I was loading in the iframe. This seems to have fixed it. I am still testing, but it's the first thing that worked since I started looking for a fix this morning.
Set the session cookie params in PHP: https://www.php.net/manual/en/function.session-set-cookie-params.php
Browser side: https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Set-Cookie/SameSite
<?php
// PHP >= 7.3: all cookie attributes can be passed in one options array
session_set_cookie_params([
    'samesite' => 'Strict', // None, Lax, Strict
    'secure'   => true,     // false, true
    'httponly' => true,     // false, true
]);
session_start(); // everything before this
OR php.ini:
[Session]
session.cookie_samesite = "Strict"
session.cookie_secure = 1
session.cookie_httponly = 1
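The browser-support check that the first answer mentions and the session_set_cookie_params() approach above, combined into one added example written for this thread (it is not code from SameSiteSessionStarter or from any answer). It assumes PHP 7.3 or later for the array form of session_set_cookie_params(); the function names browserHandlesSameSiteNone, sessionCookieOptions and startCrossSiteAwareSession are invented for illustration, and the User-Agent patterns follow the Chromium project's published list of clients that mishandle SameSite=None.

```php
<?php
// Added example: choose the session cookie's SameSite/Secure attributes at
// runtime, before session_start(). Requires PHP >= 7.3.

/**
 * Returns false for browsers documented by the Chromium project as mishandling
 * "SameSite=None" (they drop the cookie or treat it as Strict). The checks are
 * User-Agent heuristics, so treat the result as best effort.
 */
function browserHandlesSameSiteNone(string $ua): bool
{
    // iOS 12 WebKit treats None as Strict.
    if (preg_match('/\(iP.+; CPU .*OS 12[_\d]*.*\) AppleWebKit\//', $ua)) {
        return false;
    }
    // macOS 10.14 Safari and embedded WebKit views have the same defect.
    if (preg_match('/\(Macintosh;.*Mac OS X 10_14[_\d]*.*\) AppleWebKit\//', $ua)
        && (preg_match('/Version\/.* Safari\//', $ua)
            || preg_match('/\(KHTML, like Gecko\)$/', $ua))) {
        return false;
    }
    // Chromium 51-66 reject any cookie carrying SameSite=None.
    if (preg_match('/Chrom(e|ium)\/(\d+)\./', $ua, $m)) {
        $major = (int) $m[2];
        if ($major >= 51 && $major <= 66) {
            return false;
        }
    }
    // UC Browser before 12.13.2 rejects them as well.
    if (preg_match('/UCBrowser\/(\d+\.\d+\.\d+)/', $ua, $m)
        && version_compare($m[1], '12.13.2', '<')) {
        return false;
    }
    return true;
}

/**
 * Build the options array for session_set_cookie_params().
 * $crossSite: the session must survive inside a third-party iframe (the
 * question's case). SameSite=None is only honoured together with Secure, so
 * over plain HTTP there is no attribute value that makes it work; the empty
 * string omits the attribute entirely, which is also what the legacy clients
 * above need (they accept a cookie without SameSite, not one with None).
 */
function sessionCookieOptions(bool $crossSite, bool $isHttps, string $ua): array
{
    if (!$crossSite) {
        $sameSite = 'Lax';        // first-party only: no reason to relax it
    } elseif (!$isHttps) {
        $sameSite = '';           // cannot be fixed here; serve the page over HTTPS
    } else {
        $sameSite = browserHandlesSameSiteNone($ua) ? 'None' : '';
    }
    return [
        'lifetime' => 0,          // session cookie, dropped when the browser closes
        'path'     => '/',
        'domain'   => '',         // host-only cookie
        'secure'   => $isHttps,
        'httponly' => true,       // keep the session id away from page scripts
        'samesite' => $sameSite,
    ];
}

/** Drop-in replacement for a bare session_start(). */
function startCrossSiteAwareSession(bool $crossSite = true): void
{
    $isHttps = !empty($_SERVER['HTTPS']) && $_SERVER['HTTPS'] !== 'off';
    $ua = $_SERVER['HTTP_USER_AGENT'] ?? '';
    session_set_cookie_params(sessionCookieOptions($crossSite, $isHttps, $ua));
    session_start();
}

startCrossSiteAwareSession();
```

Keeping the decision in sessionCookieOptions() rather than in an .htaccess Header edit means the attributes are applied only to the session cookie and only when the browser can actually honour them, instead of being appended to every Set-Cookie the server emits.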
I resolved it by:
<?php
session_start();
// Send a Set-Cookie for the session id with the cross-site attributes. Note:
// no space after "=", or the cookie value would start with a blank and never
// match the server-side session id. Path=/ keeps it on the same path as the
// cookie PHP itself sets, so the browser does not end up with two cookies.
header('Set-Cookie: ' . session_name() . '=' . session_id() . '; Path=/; SameSite=None; Secure; HttpOnly');