How to set the SameSite cookie attribute in PHP?

What is a SameSite cookie in PHP

Most websites use cookies to share information between the browser and the server. Because cookies are stored in the local browser, there is a chance they can be misused by other domains that we reference in our HTML code. For example, when I add Instagram images to my blog tutorialshore.com, I have to use the Instagram domain name in my HTML code to point to the Instagram images, and the cookies in the browser that belong to those other sites are sent along as well. Those third parties, such as Instagram, can therefore track your activity by using cookies. Fortunately there is a cookie attribute called SameSite: by setting a cookie to SameSite=Strict we can prevent third-party misuse of cookies. The SameSite cookie attribute has two values, Strict and Lax. As the name says, with Strict the cookie is not sent along with requests initiated by third-party websites. With Lax, the cookie is sent along with requests initiated by third-party websites only for the GET method.

Method

We have a method to accomplish this: it can be done with one of the most common PHP functions, header().


Add a SameSite=Strict cookie by using the header() function

Add the header() call below at the top of your home page

header("Set-Cookie: key=value; path=/; domain=www.tutorialshore.com; HttpOnly; Secure; SameSite=Strict");
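
The header() call above, hardened as an added example (not code from the original post): on PHP 7.3 and later it uses the options array of setcookie(), and on older versions it builds the same header by hand but appends it instead of replacing Set-Cookie headers that were queued earlier. The helper name send_cookie() is an assumption made for illustration.

```php
<?php
// Added example, not from the original post. send_cookie() is a
// hypothetical helper; the domain is the one used in the article.

function send_cookie(string $name, string $value, string $sameSite = 'Strict'): void
{
    // Only accept the two values the article describes.
    if (!in_array($sameSite, ['Strict', 'Lax'], true)) {
        throw new InvalidArgumentException("Unsupported SameSite value: $sameSite");
    }
    // Cookie names must not contain separators or whitespace.
    if ($name === '' || preg_match('/[=,;\s]/', $name)) {
        throw new InvalidArgumentException('Invalid cookie name');
    }

    if (PHP_VERSION_ID >= 70300) {
        // PHP 7.3+ supports SameSite natively through the options array.
        setcookie($name, $value, [
            'expires'  => 0,                       // session cookie
            'path'     => '/',
            'domain'   => 'www.tutorialshore.com',
            'secure'   => true,
            'httponly' => true,
            'samesite' => $sameSite,
        ]);
        return;
    }

    // Older PHP: build the header by hand. rawurlencode() keeps CR/LF and
    // ';' out of the value, so it cannot inject extra attributes or headers.
    $line = sprintf(
        'Set-Cookie: %s=%s; path=/; domain=www.tutorialshore.com; HttpOnly; Secure; SameSite=%s',
        $name,
        rawurlencode($value),
        $sameSite
    );
    // Second argument false = append. The default (true) would replace any
    // Set-Cookie header already queued, e.g. the one from session_start().
    header($line, false);
}

send_cookie('key', 'value', 'Strict');
```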

Next, check that the cookie is SameSite. We can do this with the Chrome browser; almost every browser has an Inspect Element option, and within the inspect element tab there is an Application section where cookies can be checked.

Press the F12 function key

Go to Application >> Cookies



How to install the Django Python framework in Windows 10

Django is the most popular Python framework. It only works on a system with Python installed, so before starting with Django we should install Python. Let's see how to install Python in Windows 10. Fortunately, installing Python is easy.

Step 1)

Install Python in Windows 10

First you need to get the Python installer. As of now, the latest Python version that supports Django is Python 3.6.7. Go to https://www.python.org/downloads/, download Python 3.6.7 and install it. Don't forget to tick "Add Python 3.6 to PATH"; it will set the PATH variable.


Step 2)

Check that Python installed successfully

Open CMD in Windows

c:/users>python
It will respond like below:
Python 3.6.7 (v3.6.7:6ec5cf24b7, Oct 20 2018, 13:35:33) [MSC v.1900 64 bit (AMD64)] on win32
Type "help", "copyright", "credits" or "license" for more information.


Step 3)

Install pip if it is not installed on your system

D:\my_project >

Step 4)

Create a project directory. You can create the project directory anywhere on your system; here we have created it on the D drive with the name my_project.
Then change the current directory to the project directory in CMD.

D:\my_project >


Step 5)

Install virtual environment using pip
D:\my_project>pip install virtualenv

Create a virtual environment with the name env_mysite; you can name it anything you prefer

D:\my_project>virtualenv env_mysite


Step 6)

Activate virtualenv
D:\my_project>env_mysite\scripts\activate

env_mysitePS D:\my_project>

Step 7)

Install django

env_mysitePS D:\my_project>pip install "django>=2.1,<2.2"

Step 8)

Create a new project

env_mysitePS D:\my_project>django-admin startproject myweb_site

Step 9)

Change Directory

env_mysitePS D:\my_project>Cd myweb_site

Step 10)

Run the development server

env_mysitePS D:\my_project> python manage.py runserver 


Finished

Open http://127.0.0.1:8000/ in any browser


Congratulations, you have installed the Python Django framework.
Note:
Apply the latest changes in Django

python manage.py makemigrations

python manage.py migrate


How to make a cookie secure and HttpOnly in PHP?

Cookies are often used to identify user data. When a user opens a website, the cookie stores information about the user in the browser, and each time the same system requests a page within the same browser, it sends the cookie too. So when we think about security, it is the programmer's duty to make the cookie more secure while it is exchanged between browser and server. Nowadays it is easy to access another website's cookie and get the flow of the website using that cookie information. So here I am going to explain how to make a cookie secure and HttpOnly in PHP. We have several methods to accomplish this task; let's have a look at them.

Method 1

Make the cookie secure using php.ini

If you have permission to access php.ini, you can open it and add the code below at the end of php.ini to make your cookie secure and HttpOnly

session.cookie_httponly=On
session.cookie_secure=On

Method 2

If you don't have permission to access the php.ini file, fortunately we have another method to accomplish this: it can be done with one of the most common functions, ini_set().


Make the cookie secure using the ini_set() function

Add the ini_set() calls below at the top of your home page

ini_set('session.cookie_httponly',1);
ini_set('session.use_only_cookies',1);
ini_set('session.cookie_secure', 1);

Method 3

If you don't have permission to access the php.ini file, fortunately we have another method to accomplish this: it can be done with one of the most common PHP functions, header().


Make the cookie secure using the header() function

Add the header() call below at the top of your home page

header("Set-Cookie: key=value; path=/; domain=www.tutorialshore.com; HttpOnly; Secure; SameSite=Strict");

Next, check that the cookie is secure and HttpOnly. We can do this with the Chrome browser; almost every browser has an Inspect Element option, and within the inspect element tab there is an Application section where cookies can be checked.
Press the F12 function key and go to Application => Cookies
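
The same check can be done in code, as an added example that is not part of the original post: the function below reads a Set-Cookie header line and reports which of Secure, HttpOnly and SameSite are missing. The name audit_set_cookie() is an assumption made for illustration and the sample header lines are constructed.

```php
<?php
// Added example, not from the original post. audit_set_cookie() is a
// hypothetical helper name; the sample header lines are constructed.

function audit_set_cookie(string $headerLine): array
{
    // Accept lines as returned by headers_list(): "Set-Cookie: name=value; attr; ..."
    if (stripos($headerLine, 'Set-Cookie:') !== 0) {
        return [];                       // not a cookie header, nothing to report
    }
    $parts = array_map('trim', explode(';', substr($headerLine, strlen('Set-Cookie:'))));
    $name  = explode('=', array_shift($parts), 2)[0];

    // Collect attributes case-insensitively: "Secure" => true, "SameSite" => "Strict".
    $attrs = [];
    foreach ($parts as $part) {
        if ($part === '') {
            continue;
        }
        $kv = explode('=', $part, 2);
        $attrs[strtolower($kv[0])] = $kv[1] ?? true;
    }

    $missing = [];
    foreach (['secure', 'httponly', 'samesite'] as $required) {
        if (!isset($attrs[$required])) {
            $missing[] = $required;
        }
    }
    return ['cookie' => $name, 'missing' => $missing];
}

// Constructed sample headers; on a real page, pass headers_list() instead.
$sample = [
    'Set-Cookie: key=value; path=/; domain=www.tutorialshore.com; HttpOnly; Secure; SameSite=Strict',
    'Set-Cookie: PHPSESSID=abc123; path=/',
    'Content-Type: text/html; charset=UTF-8',
];
foreach ($sample as $line) {
    $result = audit_set_cookie($line);
    if ($result && $result['missing']) {
        printf("%s is missing: %s\n", $result['cookie'], implode(', ', $result['missing']));
    }
}
```

Calling it over headers_list() at the end of a request, in a development environment, shows whether the session cookie configured by Method 1 or Method 2 actually carries the flags.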
