php - sameSite error but cookies are not being set explicitly

View Original

one text

Can someone show me how to set the cookie so the error message goes away? I added:

<?php setcookie("headers", "", [    
    'expires' => time() + 86400,    
    'path' => '/',    
    'domain' => 'localhost',    
    'secure' => true,    
    'httponly' => true,
    'samesite' => 'strict',    
]); ?>

to the top of header_form.php but it doesn't seem to do anything.

When I view the following on localhost:

header_form.php:

<html>
<head>
    <title></title>
    <link rel="stylesheet" href="../public/css/header.css">
    <link rel="icon" type="image/png" href="../favicon.png">    
</head>   
<body>
    <div class="container">
        <img id="swb" src="https://www.sailwbob.com/images/swb.png" alt="SwB">
        <div class="img-container">
            <img class="lround small" src="https://www.sailwbob.com/images/img-1.png" alt="img-1">
            <img class="small" src="https://www.sailwbob.com/images/img-2.png" alt"img-1">
            <img class="small" src="https://www.sailwbob.com/images/img-3.png" alt="img-1">
            <img class="small" src="https://www.sailwbob.com/images/img-4.png" alt="img-1">
            <img class="small" src="https://www.sailwbob.com/images/img-5.png" alt="img-1">
            <img class="rround small" src="https://www.sailwbob.com/images/img-6.png" alt="img-1">
        </div>
    </div>
</body>
</html>

the first time I get no errors in chrome. On reload I get a sameSite error:

Indicate whether to send a cookie in a cross-site request by specifying its SameSite attribute
Because a cookie??�s SameSite attribute was not set or is invalid, it defaults to SameSite=Lax, which prevents the cookie from being sent in a cross-site request. This behavior protects user data from accidentally leaking to third parties and cross-site request forgery.
Resolve this issue by updating the attributes of the cookie:
Specify SameSite=None and Secure if the cookie should be sent in cross-site requests. This enables third-party use.
Specify SameSite=Strict or SameSite=Lax if the cookie should not be sent in cross-site requests.
1 cookie
Name    Domain & Path
headers www.sailwbob.com/
7 requests
swb.png
img-6.png
img-5.png
img-3.png
img-4.png
img-2.png
img-1.png

Where is the headers cookie being set and how do I fix the error?

Source
© 2021
E-mail: contact@webdevask.com
Back to top