For a while now, the SameSite cookie attribute has been used to define how cookies should be handled across various domains. You can find descriptions elsewhere that are much better than the one I’m going to give you.

For folks who are on PHP prior to version 7.3 (whether because that is the current version for your OS, because you are unable to update, etc.), you can leverage this script to add the attribute to the session cookie.

After you call session_start(), you can call addSameSite("Lax") or addSameSite("Strict"), depending on what you want.

This will pull in the session directives from php.ini and simply overwrite the Set-Cookie line with those values, as well as the cookie value.
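
A sketch of the technique described above, added here as an illustration; it is not the script linked from this page. The function names example_session_cookie_value and example_add_samesite are hypothetical, and the code assumes PHP 5.3 or later running under a web SAPI. Unlike a blind overwrite of the header, it re-emits any other Set-Cookie lines so that unrelated cookies are not lost.

```php
<?php
// Added illustration; not the script linked from this page.
// The example_* function names are hypothetical.

// Build the session cookie's Set-Cookie value from the session.* settings.
function example_session_cookie_value($name, $id, array $p, $sameSite)
{
    if (!in_array($sameSite, array('Lax', 'Strict'), true)) {
        throw new InvalidArgumentException('SameSite must be Lax or Strict');
    }
    $v = $name . '=' . rawurlencode($id);
    if ($p['lifetime'] > 0) {
        $v .= '; Expires=' . gmdate('D, d M Y H:i:s', time() + $p['lifetime']) . ' GMT';
        $v .= '; Max-Age=' . (int) $p['lifetime'];
    }
    if ($p['path'] !== '')   { $v .= '; Path=' . $p['path']; }
    if ($p['domain'] !== '') { $v .= '; Domain=' . $p['domain']; }
    if ($p['secure'])        { $v .= '; Secure'; }
    if ($p['httponly'])      { $v .= '; HttpOnly'; }
    return $v . '; SameSite=' . $sameSite;
}

// Replace only the session cookie's Set-Cookie header; keep all others.
function example_add_samesite($sameSite)
{
    if (session_id() === '' || headers_sent()) {
        return false; // no active session, or headers already flushed
    }
    $new = example_session_cookie_value(
        session_name(), session_id(), session_get_cookie_params(), $sameSite
    );
    $keep = array();
    foreach (headers_list() as $h) {
        if (stripos($h, 'Set-Cookie:') !== 0) { continue; }
        $value = ltrim(substr($h, strlen('Set-Cookie:')));
        if (strpos($value, session_name() . '=') !== 0) { $keep[] = $value; }
    }
    header_remove('Set-Cookie');                // drops every Set-Cookie line
    foreach ($keep as $value) {
        header('Set-Cookie: ' . $value, false); // re-add unrelated cookies
    }
    header('Set-Cookie: ' . $new, false);       // session cookie with SameSite
    return true;
}

session_start();
example_add_samesite('Lax');
```

The call returns false when output has already started, so it has to run before anything is echoed or output buffering must be enabled.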

PHP 7.3 adds native support, but, like all things security, it is a bit late.

License is: MIT

Download it on GitHub

