Reputation: 14959
Cookie across HTTP and HTTPS in PHP
How can I set a cookie in PHP that is readable both in HTTP and HTTPS?
If this isn't possible, what can be done? Set two cookies?
Upvotes: 35
Views: 22332
Answers (2)
Reputation: 39833
Assuming your domain name remains the same except for the resource type, cookies in PHP (or any language) can be read from both HTTP and HTTPS.
e.g.:
http://www.example.com
https://www.example.com
In this example, the cookies will be readable from each other.
Upvotes: 27
Reputation: 4363
By default, a cookie can be read by both http and https at the same URL.
However, a server can optionally specify the 'secure' flag while setting a cookie this tells the browser to only send it over a secure channel, such as an SSL connection.
In this case the cookie will only be sent over https. A cookie not marked as secure will be sent over both http and https.
Upvotes: 74
Related Questions
- Sending cookies over HTTPS but HTML over HTTP
- Access HTTP on HTTPS page to get Cookie
- Switching between HTTP and HTTPS pages with secure session-cookie
- Is a cookie secure in a HTTPS connection?
- PHP cookie handling
- HTTPS session cookie and post security with PHP
- php access session data between HTTPS and HTTP
- Security concern when I transfer cookie session from HTTPS to HTTP
- PHP SESSION variables between https and http
- Google Chrome Cookies - HTTP & HTTPS