https://github.com/selective-php/samesite-cookie

Secure your site with SameSite cookies
https://github.com/selective-php/samesite-cookie

cookies csrf php samesite-cookies

Last synced: about 1 year ago
JSON representation

Secure your site with SameSite cookies

• Host: GitHub
• URL: https://github.com/selective-php/samesite-cookie
• Owner: selective-php
• License: mit
• Created: 2019-09-10T20:18:26.000Z (over 6 years ago)
• Default Branch: master
• Last Pushed: 2023-09-09T21:31:39.000Z (over 2 years ago)
• Last Synced: 2025-03-29T12:05:06.368Z (about 1 year ago)
• Topics: cookies, csrf, php, samesite-cookies
• Language: PHP
• Homepage:
• Size: 25.4 KB
• Stars: 10
• Watchers: 1
• Forks: 2
• Open Issues: 0
• Metadata Files:
  • Readme: README.md
  • License: LICENSE

Awesome Lists containing this project

README

          
# selective/samesite-cookie

A PSR-15 middleware to secure your site with SameSite cookies :cookie:

[![Latest Version on Packagist](https://img.shields.io/github/release/selective-php/samesite-cookie.svg)](https://packagist.org/packages/selective/samesite-cookie)

[![Software License](https://img.shields.io/badge/license-MIT-brightgreen.svg)](LICENSE)

[![Build Status](https://github.com/selective-php/samesite-cookie/workflows/build/badge.svg)](https://github.com/selective-php/samesite-cookie/actions)

[![Coverage Status](https://img.shields.io/scrutinizer/coverage/g/selective-php/samesite-cookie.svg)](https://scrutinizer-ci.com/g/selective-php/samesite-cookie/code-structure)

[![Quality Score](https://img.shields.io/scrutinizer/quality/g/selective-php/samesite-cookie.svg)](https://scrutinizer-ci.com/g/selective-php/samesite-cookie/?branch=master)

[![Total Downloads](https://img.shields.io/packagist/dt/selective/samesite-cookie.svg)](https://packagist.org/packages/selective/samesite-cookie/stats)

## Requirements

* PHP 8.1+

## Installation

```

composer require selective/samesite-cookie

```

## SameSite cookies

![image](https://user-images.githubusercontent.com/781074/64995066-95404c80-d8da-11e9-975f-bdbbf55bd311.png)

Same-site cookies ("First-Party-Only" or "First-Party") allow servers to mitigate 

the risk of CSRF and information leakage attacks by asserting that a particular 

cookie should only be sent with requests initiated from the same registrable domain.

**Warning:** SameSite cookies doesn't work at all for old Browsers and 

also not for some Mobil Browsers e.g. IE 10, Blackberry, Opera Mini, 

IE Mobile, UC Browser for Android.

Further details can be found here:

* [SameSite cookies explained](https://web.dev/samesite-cookies-explained)

* [CSRF is (really) dead](https://scotthelme.co.uk/csrf-is-really-dead/)

* [PHP setcookie “SameSite=Strict”?](https://stackoverflow.com/questions/39750906/php-setcookie-samesite-strict)

* [How to Set a cookie attribute Samesite value in PHP ?](https://www.tutorialshore.com/how-to-set-a-cookie-attribute-samesite-value-in-php/)

* [Can I use SameSite?](https://caniuse.com/#feat=same-site-cookie-attribute)

## Slim 4 integration

```php

add(new SameSiteCookieMiddleware());

// ...

$app->run();

```

**Example with configuration and the session starter middleware.**

Slim 4 uses a LIFO (last in, first out) middleware stack,

so we have to add the middleware in reverse order:

```php

add(new SameSiteCookieMiddleware($configuration));

// Optional: Start the PHP session

// Use this middleware only if you have no other session starter middleware

$app->add(new SameSiteSessionMiddleware());

// ...

$app->run();

```

## License

The MIT License (MIT). Please see [License File](LICENSE) for more information.