Jump to content

Cookie “PHPSESSID” does not have a proper “SameSite” attribute value. Soon, cookies without the “SameSite” attribute or with an invalid value will be treated as “Lax”


Go to solution Solved by kicken,

Recommended Posts

I am having issues with "SameSite" errors in Forefox.  The server is PHP Version 5.6.40

I get the error in firefox concole

Cookie “PHPSESSID” does not have a proper “SameSite” attribute value. Soon, cookies without the “SameSite” attribute or with an invalid value will be treated as “Lax”

In my code I have

if(isset($_COOKIE['session_id']))
            session_id($_COOKIE['session_id']);
        session_start();
        if(!isset($_COOKIE['session_id']))
            setcookie('session_id', session_id(), 0, '/', '.site.com');

But the error still shows.  This error shows in both in the main www.site.com and m.site.com subdomain.

How do I fix this please ?

  • Solution

All your cookie code there is redundant.  session_start manages its own cookie, you don't need to do it yourself.

You can control the SameSite value either using the configuration option session.cookie_samesite or the session_set_cookie_params function (before calling session_start).  Example:

session_set_cookie_params([
	'lifetime' => 0
	, 'path' => '/'
	, 'domain' => '.site.com'
	, 'secure' => true
	, 'httponly' => true
	, 'samesite' => 'Lax'
]):
session_start();

 

Here a simple breakdown

 

$cookie_name = 'my_cookie';
$cookie_value = 'my_value';
$cookie_domain = 'www.example.com';
$cookie_lifetime = strtotime('+6 months');

$cookie_options = array(
    'expires' => $cookie_lifetime,
    'path' => '/',
    'domain' => $cookie_domain,
    'secure' => true,
    'httponly' => true,
    'samesite' => 'Lax'
);

setcookie($cookie_name, $cookie_value, $cookie_options);

a login example -

// Verify the username and password
if (verify_credentials($username, $password)) {
    // Generate a unique token
    $token = bin2hex(random_bytes(32));

    // Store the token in the user's database record (or other persistent storage mechanism)
    store_token_in_database($user_id, $token);

    // Set a cookie with the token and a 6-month expiration time
    setcookie('login_token', $token, [
        'expires' => strtotime('+6 months'),
        'path' => '/',
        'domain' => 'example.com',
        'secure' => true,
        'httponly' => true,
        'samesite' => 'Lax'
    ]);

    // Store the token in the user's session
    $_SESSION['login_token'] = $token;

    // Redirect the user to the dashboard or home page
    header('Location: dashboard.php');
    exit;
} else {
    // Invalid username or password
    $error = 'Invalid username or password';
}

 

9 hours ago, kicken said:

All your cookie code there is redundant.  session_start manages its own cookie, you don't need to do it yourself.

You can control the SameSite value either using the configuration option session.cookie_samesite or the session_set_cookie_params function (before calling session_start).  Example:

session_set_cookie_params([
	'lifetime' => 0
	, 'path' => '/'
	, 'domain' => '.site.com'
	, 'secure' => true
	, 'httponly' => true
	, 'samesite' => 'Lax'
]):
session_start();

 

I added this to the start of the initial php script but get a 500 error.

There is a syntax error because I accidentally used a colon instead of semi-colon.

If you only get a generic 500 error for such errors, you might want to look into adjusting your development environment to show proper error messages so it's easier to resolve such problems.

This thread is more than a year old. Please don't revive it unless you have something important to add.

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.

Guest
Reply to this topic...

×   Pasted as rich text.   Restore formatting

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.

×
×
  • Create New...

Important Information

We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.