Perry J
Reputation: 365
How to secure cookies in php?
How does session_set_cookie_params work?
I want to ensure all cookies are set with httponly=true, and secure=true.
But instead of adding these arguments to every call to setcookie(), I can
just - before session_start() - set them in session_set_cookie_params()?
And henceforth, every call to setcookie sets those params i each and every cookie?
That would save a lot of tedious work (and surely error-prone).
I would imagine something like this
$cookieParams = session_get_cookie_params();
$cookieParams['httponly'] = true;
$cookieParams['secure'] = true;
session_set_cookie_params($cookieParams);
session_start();
So now, if I do:
setcookie("ABC_user", "", time()+3600);
That cookie has those params in argument 6 and 7 set? Is there a way to check that it works? Or is there an even better way to accomplish this?
Upvotes: 0
Views: 907
Answers (1)
WhereIsBurak
Reputation: 69
This simple code will give you what you want.
function set_cookie($name,$content,$time){
$http_only = true;
$secure = true;
$path = "/";
$domain = ".example.com"; // Include All Subdomains
setcookie($name,$content,$time,$path,$domain,$secure,$http_only);
}
set_cookie("ABC_user", "", time() + 3600);
Upvotes: 1
Related Questions
- How can i secure cookie in php?
- Cookies security
- PHP sessions security
- Securing session and cookies
- Creating a secure login using sessions and cookies in PHP
- php security for cookies and sessions
- creating secure php session cookies
- How Can I Secure the Cookie?
- Secure cookies in PHP sessions
- secure sessions/cookies in php