What is Cookie SameSite, what values can this attribute have and how to remove errors in the browser console
New technologies and development tools periodically appear to improve the security of web resources. The SameSite cookie attribute is one such example. When properly configured, it is designed to protect against potential attacks that rely on third-party cookies. Correct settings for this attribute also help prevent tracking by cookies, which is often used to personalize ads and collect user data.
What is Cookie SameSite? It is a cookie extension (introduced in 2016) that is designed to protect against Cross-Site Request Forgery (CSRF for short). More recently, Google rolled this cookie attribute out in its products in an updated form, so it became necessary to set the attribute correctly for sites to work without errors. In particular, Google updated the standard and added a change: the default is now a restrictive (deny) value, which can break a unified authentication system and cause other errors on the site.
The SameSite attribute can have the following values:
- None: in this case, no restrictions on cookies are set;
- Strict: a complete ban on sending the cookie with cross-site requests is set;
- Lax: cookies are blocked for cross-site subrequests (including images, iframes, etc.), but are still sent on top-level navigation to the site.
To restrict a cookie to secure HTTPS connections, you can also specify the optional Secure attribute. If specified, the cookie will only be sent over HTTPS and not over plain HTTP.
If cookies are used incorrectly, errors related to this attribute may appear in the browser console. Fixing them is quite simple - just set the SameSite attribute for all cookies and select a suitable value for it.
How to set values for Cookie SameSite? For example, in PHP (7.3+) these settings are managed by the setcookie function, which accepts various cookie settings. Its options parameter accepts an associative array, which can have any of the keys: expires, path, domain, secure, httponly and the samesite we need. If the samesite element is not specified, the SameSite attribute will not be set.
In older versions of PHP, you can manipulate this attribute as follows:
setcookie('cookie-name', '1', 0, '/; samesite=strict');
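A version-portable wrapper combining the two PHP approaches above, as an added example that is not part of the original article: `set_samesite_cookie` is a hypothetical helper name, and the cookie name and value are constructed samples. It also forces Secure when SameSite=None, because current browsers reject such cookies otherwise.

```php
<?php
// Added example: set_samesite_cookie() is a hypothetical helper, not a PHP built-in.
// Assumes PHP 7.0+ (scalar type hints).
function set_samesite_cookie(
    string $name,
    string $value,
    string $sameSite = 'Lax',
    int $expires = 0,
    string $path = '/',
    string $domain = '',
    bool $secure = true,   // set to false only on plain-HTTP development hosts
    bool $httpOnly = true
): bool {
    // Normalise and validate so a typo cannot silently produce an unknown value.
    $sameSite = ucfirst(strtolower($sameSite));
    if (!in_array($sameSite, ['None', 'Lax', 'Strict'], true)) {
        throw new InvalidArgumentException("Invalid SameSite value: $sameSite");
    }
    // Current browsers reject SameSite=None cookies that lack Secure.
    if ($sameSite === 'None') {
        $secure = true;
    }

    if (PHP_VERSION_ID >= 70300) {
        // PHP 7.3+: options array with the samesite key.
        return setcookie($name, $value, [
            'expires'  => $expires,
            'path'     => $path,
            'domain'   => $domain,
            'secure'   => $secure,
            'httponly' => $httpOnly,
            'samesite' => $sameSite,
        ]);
    }

    // Older PHP: append the attribute to the path argument (the workaround above).
    // $path is written into the header verbatim, so it must be a trusted
    // constant and never user input.
    $pathWithSameSite = $path . '; samesite=' . $sameSite;
    return setcookie($name, $value, $expires, $pathWithSameSite, $domain, $secure, $httpOnly);
}

// Must run before any output is sent.
set_samesite_cookie('session_pref', '1', 'Strict');
```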
Alternatively, you can use Apache settings. For example, to set all the Cookies on the site to the desired values, you should write something like the following in the .htaccess file:
Header always edit Set-Cookie (.*) "$1; SameSite=Lax"
Don't forget that cookies can also be set by sending the header directly:
header('Set-Cookie: key=value; path=/; domain=example.org; HttpOnly; SameSite=Lax');