how to edit the setcookie code for samesite=lax

Question

I tried several changes but i could not get the solution. How to edit this setcookie code for samesite=lax /or strict

<a href="" onClick="cookienumberone('COOKIEXYZ','0','-1')">
<button type="button">buttontext</button></a>

<script>
    function cookienumberone(){
       days=30; // number of days to keep the cookie
       myDate = new Date();
       myDate.setTime(myDate.getTime()+(days*24*60*60*1000));
       document.cookie = 'COOKIEXYZ=0; expires=' + myDate.toGMTString();
    }
</script>

EDIT: solution for above: document.cookie = 'COOKIEXYZ=0; SameSite=Lax; expires=' + myDate.toGMTString();

and the cookie for the login, the same question:

setcookie("cookie_login",$rs->row["login"],time()+60*60*24*365,"/",str_replace("http://","",surl));

Answer 1

For client-side JavaScript, you specify document.cookie in the same format as the Set-Cookie header.

e.g.

document.cookie = 'same-site-cookie=foo; SameSite=Lax';
document.cookie = 'cross-site-cookie=bar; SameSite=None; Secure';

For you framework, which appears to be PHP, as of PHP 7.3.0 the setcookie() method supports the SameSite attribute in its options and will accept None as a valid value.

setcookie('same-site-cookie', 'foo', ['samesite' => 'Lax']);
setcookie('cross-site-cookie', 'bar', ['samesite' => 'None', 'secure' => true]);

For earlier versions of PHP, you can also set the header() directly:

header('Set-Cookie: same-site-cookie=foo; SameSite=Lax');
header('Set-Cookie: cross-site-cookie=bar; SameSite=None; Secure');