1. For PHP >= v7.3
You can use the $options array to set the samesite value, for example:
setcookie($name, $value, [
'expires' => time() + 86400,
'path' => '/',
'domain' => 'domain.com',
'secure' => true,
'httponly' => true,
'samesite' => 'None',
]);
The value of the samesite element should be either None, Lax or Strict.
Read more in the manual page.
2. For PHP < v7.3
You can use one of the following solutions/workarounds depending on your codebase/needs
2.1 Setting SameSite cookies using Apache configuration
You can add the following line to your Apache configuration
Header always edit Set-Cookie (.*) "$1; SameSite=Lax"
and this will update all your cookies with SameSite=Lax flag
See more here: https://blog.giantgeek.com/?p=1872
2.2 Setting SameSite cookies using Nginx configuration
location / {
# your usual config ...
# hack, set all cookies to secure, httponly and samesite (strict or lax)
proxy_cookie_path / "/; secure; HttpOnly; SameSite=strict";
}
Same here, this also will update all your cookies with SameSite=Lax flag
See more here: https://serverfault.com/questions/849888/add-samesite-to-cookies-using-nginx-as-reverse-proxy
2.3 Setting SameSite cookies using header method
As we know cookies are just a header in HTTP request with the following structure
Set-Cookie: key=value; path=/; domain=example.org; HttpOnly; SameSite=Lax
so we can just set the cookies with header method
header("Set-Cookie: key=value; path=/; domain=example.org; HttpOnly; SameSite=Lax");
In fact, Symfony is not waiting for PHP 7.3 and already doing it under the hood, see here
??You can use same in Laravel too because Laravel under the hood using Symfony's SymfonyComponentHttpFoundationCookie class
2.4 Setting SameSite cookies using a bug in setcookie method
setcookie('cookie-name', '1', 0, '/; samesite=strict');
Be careful with this one, it's a known bug in PHP setcookie method and already resolved in PHP7.3 version, see here - https://github.com/php/php-src/commit/5cb825df7251aeb28b297f071c35b227a3949f01
