本文介绍了PHP setcookie"SameSite = Strict"?的处理方法,对大家解决问题具有一定的参考价值,需要的朋友们下面随着小编来一起学习吧!

问题描述

我最近阅读了"Same Site"属性上的"RFC 6265",我看了一些有关2016年4月的文章,"Chrome 51和Opera 39中实现了" same-site"属性...

I recently read "RFC 6265" on the attribute "Same Site", I looked at some articles that talked about that in April 2016, "same-site" attribute has been implemented for Chrome 51 and Opera 39 ...

我想知道当前的PHP是否支持使用此属性创建cookie?

I wonder if current PHP supports creating cookies with this attribute?

参考:

  • Feature documentation on Chrome’s chromestatus.com
  • HTTPbis draft first adopted by Chrome
  • Latest HTTPbis draft

推荐答案

[重要更新:正如@caw在下面指出的那样,此黑客在PHP 7.3中将崩溃.现在就停止使用它,以保护自己免受不愉快的意外!或者至少将其包装在PHP版本检查中,例如if (PHP_VERSION_ID < 70300) { ... } else { ... }.]

[Important update: As @caw pointed out below, this hack WILL BREAK in PHP 7.3. Stop using it now to save yourself from unpleasant surprises! Or at least wrap it in a PHP version check like if (PHP_VERSION_ID < 70300) { ... } else { ... }.]

似乎您可以滥用PHP的"setcookie"函数的"path"或"domain"参数来偷偷使用SameSite属性,因为PHP不能转义分号:

It seems like you can abuse the "path" or "domain" parameter of PHP's "setcookie" function to sneak in the SameSite attribute because PHP does not escape semicolons:

setcookie('samesite-test', '1', 0, '/; samesite=strict');

然后PHP发送以下HTTP标头:

Then PHP sends the following HTTP header:

几分钟前,我刚刚发现了这个问题,因此请进行您自己的测试!我正在使用PHP 7.1.11.

I've just discovered this a few minutes ago, so please do your own testing! I'm using PHP 7.1.11.

这篇关于PHP setcookie"SameSite = Strict"?的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持!

08-05 14:52