This article covers a PHP SameSite session problem (the session does not persist inside a cross-site iframe) and the suggested fix; it may be useful to anyone hitting the same issue.

Problem description

I hope somebody can give me some ideas about my problem. I am trying to apply a SameSite cookie to make the session work, but it seems it doesn't work. The HTML of the visited site:

<iframe src="https://www.example.com/test/iframe.php"></iframe>

Iframe source site:

    <?php
    // This sets a cookie *named* "cross-site-cookie" whose value is the literal
    // string "PHPSESSID"; it does not touch the real session cookie.
    header('Set-Cookie: cross-site-cookie=PHPSESSID; SameSite=None; Secure');
    // session_start() emits its own "Set-Cookie: PHPSESSID=..." header, built from
    // the session.cookie_* ini settings, which carry no SameSite attribute here.
    session_start();
    if (!isset($_SESSION['test'])) {
        echo 1;                      // first visit: no session data yet
        $_SESSION['test'] = 'ee2';
    } else {
        echo $_SESSION['test'];      // later visits: should print "ee2"
    }

If I visit the website, I still get the message "A cookie associated with a cross-site resource at https://www.example.com/ was set without the SameSite attribute. It has been blocked, as Chrome now only delivers cookies with cross-site requests if they are set with SameSite=None and Secure." in the browser console, and the session is not saved.

The strange thing is that the cookie has actually been set:

Am I missing something? Why do I get this message in the console if cross-site-cookie is set, and what could be the reasons for the session not working? I am using PHP 7.1.33. If I open the iframe directly, it works, and it also works properly if I open the site in a browser where I haven't enabled the "SameSite by default cookies" flag for testing.

Recommended answer

Set session & cookie params in PHP: https://www.php.net/manual/en/function.session-set-cookie-params.php
Browser: https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Set-Cookie/SameSite

<?php
// The array form of session_set_cookie_params() (and the "samesite" key) exists
// since PHP 7.3.0; on PHP 7.1 it is not available.
session_set_cookie_params([
    'samesite' => 'Strict', // None, Lax or Strict; a cookie that must be sent
                            // inside a cross-site iframe needs None (plus secure)
    'secure'   => true,     // only send over HTTPS (required for SameSite=None)
    'httponly' => true,     // not readable from JavaScript
]);
session_start(); // everything above must come before this

Or in php.ini:

[Session]
; session.cookie_samesite requires PHP 7.3 or later
session.cookie_samesite = "Strict"
session.cookie_secure = 1
session.cookie_httponly = 1
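The question's header() call does not fix the session because it creates a separate cookie named `cross-site-cookie`; `session_start()` still emits `PHPSESSID` without `SameSite`, and Chrome drops that one. The following is an added example (not code from the question or the answer) that emits the session cookie itself with `SameSite=None; Secure; HttpOnly`. It uses the PHP 7.3+ options array where available and, for PHP 7.1 as in the question, disables PHP's built-in session cookie and writes the header by hand. The embedding origin `https://parent.example`, the HTTPS check and the session-id regex are assumptions for the example, not from the page.

```php
<?php
// Added example: a cross-site-safe session start for an iframe endpoint.
// Assumptions (not from the original page): the script is served over HTTPS,
// it is only ever framed by https://parent.example, and the rest of the site
// keeps its default (Lax/Strict) session cookie settings.
declare(strict_types=1);

const EMBEDDING_ORIGIN = 'https://parent.example'; // assumption: the only site allowed to frame us

function start_cross_site_session(): void
{
    if (empty($_SERVER['HTTPS']) || $_SERVER['HTTPS'] === 'off') {
        // Browsers only honour SameSite=None together with Secure; refuse to
        // start a cross-site session on plain HTTP instead of silently failing.
        throw new RuntimeException('cross-site session cookies require HTTPS');
    }

    if (PHP_VERSION_ID >= 70300) {
        // PHP 7.3+: the options array form supports "samesite" directly.
        session_set_cookie_params([
            'lifetime' => 0,
            'path'     => '/',
            'domain'   => '',
            'secure'   => true,
            'httponly' => true,
            'samesite' => 'None',
        ]);
        session_start();
        return;
    }

    // PHP < 7.3 (the question runs 7.1.33): no samesite option exists, so the
    // cookie session_start() would emit lacks the attribute and Chrome blocks it.
    // Turn the built-in cookie off, read the id from the request cookie ourselves,
    // and send the Set-Cookie header by hand with the attributes we need.
    ini_set('session.use_cookies', '0');      // do not let PHP emit PHPSESSID
    ini_set('session.use_only_cookies', '1'); // never accept an id from GET/POST
    ini_set('session.use_trans_sid', '0');    // never rewrite ids into URLs

    $name       = session_name();             // "PHPSESSID" by default
    $fromCookie = $_COOKIE[$name] ?? '';
    // Accept only well-formed ids (assumed charset/length bounds); anything
    // else starts a fresh session rather than reusing attacker-supplied input.
    if (preg_match('/^[A-Za-z0-9,-]{22,256}$/', $fromCookie) === 1) {
        session_id($fromCookie);
    }
    session_start();

    // Replace=false keeps any other Set-Cookie headers the application adds.
    header(sprintf('Set-Cookie: %s=%s; Path=/; Secure; HttpOnly; SameSite=None',
                   $name, session_id()), false);
}

start_cross_site_session();

// With SameSite=None the session cookie is attached to requests from any
// embedding site, so limit who may frame this endpoint at all; otherwise an
// arbitrary third-party page could load it with the victim's session.
header('Content-Security-Policy: frame-ancestors ' . EMBEDDING_ORIGIN);

// Same test logic as the question: first visit prints 1, later visits print "ee2".
if (!isset($_SESSION['test'])) {
    echo 1;
    $_SESSION['test'] = 'ee2';
} else {
    echo htmlspecialchars($_SESSION['test'], ENT_QUOTES, 'UTF-8');
}
```

Keep `SameSite=None` confined to the endpoint that genuinely needs to run inside a foreign iframe; the answer's `Strict` (or `Lax`) remains the right default for the rest of the site, because `None` gives up the CSRF protection SameSite otherwise provides, and any state-changing action reachable from the iframe endpoint then needs its own CSRF token.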


09-11 17:08