Setting the HttpOnly Flag – PHP

PHP has supported setting the HttpOnly flag since version 5.2.0 (November 2006).

For session cookies managed by PHP, the flag is set either at runtime (Methods 1 and 2 below) or permanently in php.ini through the parameter:

session.cookie_httponly = True

Method #1: Using the ini_set function before using the setcookie function

Add the following code on the page:

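// Session cookie: must run before session_start()
ini_set("session.cookie_httponly", 1);
// Any other cookie: the 7th argument (httponly) is TRUE
setcookie("name", "value", 0, "", "", FALSE, TRUE);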

Method #2: Using the session_set_cookie_params function before using the setcookie function

Add the following code on the page:

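// Session cookie: 5th argument is httponly; must run before session_start()
session_set_cookie_params(0, NULL, NULL, NULL, TRUE);
// Any other cookie: the 7th argument (httponly) is TRUE
setcookie("name", "value", 0, "", "", FALSE, TRUE);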

Method #3: Using the setcookie function

Add the following code when creating a cookie (not necessarily a session cookie):

// Arguments: name, value, expires, path, domain, secure, httponly
setcookie("name", "value", 0, "", "", FALSE, TRUE);
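
To confirm that any of the methods above took effect, the response's Set-Cookie headers can be checked for the HttpOnly attribute. The following is an added example, not code from the original page; the function name cookiesMissingHttpOnly and the sample header lines are constructed for illustration.

```php
<?php
/**
 * Hypothetical helper (not part of PHP): returns the names of cookies
 * whose Set-Cookie header does not carry the HttpOnly attribute.
 *
 * @param string[] $headers Raw response header lines, e.g. from headers_list().
 * @return string[]
 */
function cookiesMissingHttpOnly(array $headers): array
{
    $missing = [];
    foreach ($headers as $line) {
        // Header names are case-insensitive; skip everything but Set-Cookie.
        if (strncasecmp($line, 'Set-Cookie:', 11) !== 0) {
            continue;
        }
        // "name=value; attr; attr=x": first part is the cookie, the rest are attributes.
        $parts = array_map('trim', explode(';', substr($line, 11)));
        $name  = explode('=', array_shift($parts), 2)[0];

        $httpOnly = false;
        foreach ($parts as $attr) {
            // Compare the attribute name only, so a cookie *value* that
            // happens to contain "httponly" is not mistaken for the flag.
            if (strcasecmp(explode('=', $attr, 2)[0], 'HttpOnly') === 0) {
                $httpOnly = true;
                break;
            }
        }
        if (!$httpOnly) {
            $missing[] = $name;
        }
    }
    return $missing;
}

// Constructed sample headers (not captured from a real application).
$sample = [
    'Content-Type: text/html; charset=UTF-8',
    'Set-Cookie: PHPSESSID=abc123; path=/; HttpOnly',
    'Set-Cookie: theme=dark; path=/',
    'set-cookie: note=httponly; path=/', // flag absent, word appears in the value
];
print_r(cookiesMissingHttpOnly($sample));
```

Inside a web request, pass the result of headers_list() to the function after all cookies have been set.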

References

http://php.net/manual/en/function.setcookie.php
http://php.net/manual/en/function.session-set-cookie-params.php

http://php.net/manual/en/session.configuration.php#ini.session.cookie-ht…
