PHP 7.3: SameSite cookie support
PHP 7.3 now supports the SameSite flag in cookies.
This flag controls whether the cookie is sent with cross-site requests. See the excellent article on web.dev on how to use it.
I have written a separate post about using SameSite cookies in PHP that explains how to use this flag in session cookies.
To set the SameSite flag, pass an array of options to the setcookie() function:
setcookie('cookie_name', 'cookie_value', [
    'samesite' => 'Lax', // Allowed values: "Lax" or "Strict"
    'expires' => time() + 86400,
]);
Backwards compatibility impact
This uses the new options-array syntax of the setcookie() function for setting cookie flags. Since this is new syntax, there should be no backwards compatibility issues. However, if you would like to use this feature in your projects, you will either need to raise the minimum PHP version to 7.3, or use a custom header() function call to manually set the cookie.
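The header() fallback mentioned above, as an added example that is not code from the original post or from PHP itself: `set_samesite_cookie()` is a hypothetical helper that uses the options array on PHP 7.3+ and builds the Set-Cookie header by hand otherwise. It assumes the fallback runs on PHP 7.0 to 7.2 (because of the scalar type hints) and accepts only the two SameSite values the post lists.

```php
<?php
// Added example: hypothetical helper, not part of PHP or of the original post.
function set_samesite_cookie(string $name, string $value, array $options = []): bool
{
    $options += [
        'expires'  => 0,
        'path'     => '',
        'domain'   => '',
        'secure'   => false,
        'httponly' => false,
        'samesite' => 'Lax',
    ];
    // Accept only the two values the post lists.
    if (!in_array($options['samesite'], ['Lax', 'Strict'], true)) {
        throw new InvalidArgumentException('samesite must be "Lax" or "Strict"');
    }
    if (PHP_VERSION_ID >= 70300) {
        // PHP 7.3+: the options array handles SameSite natively.
        return setcookie($name, $value, $options);
    }
    // Older PHP: build the header by hand, so validate what setcookie() would.
    if ($name === '' || strpbrk($name, "=,; \t\r\n\013\014") !== false) {
        throw new InvalidArgumentException('invalid cookie name');
    }
    foreach (['path', 'domain'] as $key) {
        // A ";" here would let a caller-supplied value inject extra attributes.
        if (strpbrk((string) $options[$key], ";\r\n") !== false) {
            throw new InvalidArgumentException("invalid cookie $key");
        }
    }
    if (headers_sent()) {
        return false; // too late to add a Set-Cookie header
    }
    $header = 'Set-Cookie: ' . $name . '=' . rawurlencode($value);
    if ($options['expires'] > 0) {
        $header .= '; Expires=' . gmdate('D, d M Y H:i:s', $options['expires']) . ' GMT';
    }
    if ($options['path'] !== '')   { $header .= '; Path=' . $options['path']; }
    if ($options['domain'] !== '') { $header .= '; Domain=' . $options['domain']; }
    if ($options['secure'])        { $header .= '; Secure'; }
    if ($options['httponly'])      { $header .= '; HttpOnly'; }
    $header .= '; SameSite=' . $options['samesite'];
    // replace=false: do not overwrite Set-Cookie headers already queued.
    header($header, false);
    return true;
}

// Same cookie as in the post's example.
set_samesite_cookie('cookie_name', 'cookie_value', ['expires' => time() + 86400]);
```

Unlike setcookie(), the fallback branch does not turn an empty value into a cookie deletion.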