config/session.php 中的
我目前正在设置这样的cookie(在中间件中(:
cookie()->queue("loginToken", $loginToken, 60*24*365*10);
如何指定SameSite=None?
我用的是Laravel 8。
'same_site' => "none",
cookie函数声明为:
function cookie($name = null, $value = null, $minutes = 0, $path = null, $domain = null, $secure = null, $httpOnly = true, $raw = false, $sameSite = null)
queue只是转发参数,所以你可以做:
cookie()->queue("loginToken", $loginToken, 60*24*365*10, null, null, null, true, false, 'None');
这就是我所做的。请记住,这是在中间件的句柄函数中。
$response = $next($request);
// https://symfony.com/doc/current/components/http_foundation.html#setting-cookies
// https://github.com/symfony/symfony/blob/5.3/src/Symfony/Component/HttpFoundation/Cookie.php
$cookie = SymfonyComponentHttpFoundationCookie::create("loginToken")
->withValue($loginToken)
->withExpires(strtotime("+12 months"))
->withSecure(true)
->withHttpOnly(true)
->withSameSite("strict")
;
$response->headers->setCookie($cookie);
您也可以在config/session.php的路径中设置它,但它有点麻烦
'path' => '/; SameSite=None; secure'