Why secure parameter in setCookie() does not have effect?

Question

setcookie("samplecookiename", "sampledata", time()+3600*24*10, '/', 'domain.com', TRUE, TRUE);

This syntax sets the cookie in name samplecookiename with data sampledata with expiry date perfectly. But still I see the cookie is available for all type of connections. What is the issue? The PHP version used in the website is 5.3.27 and in localhost 5.3.8.

Any ideas?

enter image description here

Update: The cookie is also accessible by scripts too. Means the cookie is not set as HTTP only.

enter image description here

possible duplicate of [Google Chrome Cookies - HTTP & HTTPS](http://stackoverflow.com/questions/2289867/google-chrome-cookies-http-https) — Bart Platak, Dec 29 '13 at 16:05
@BartPlatak: I believe it is not. I use the syntax which was accepted there as answer. It does not work. — Sarvap Praharanayuthan, Dec 29 '13 at 16:07
Did you try it with an empty cookie jar? And are you accessing the page via HTTPS? — Gumbo, Dec 29 '13 at 16:12
@Gumbo: I found the issue and posted as an answer. But any idea why the cookie is not set to secure when inside another page which was included by PHP? (Refer my answer). — Sarvap Praharanayuthan, Dec 29 '13 at 16:20
Whether `setcookie` is called in the main file or an included file doesn’t matter. — Gumbo, Dec 29 '13 at 16:37
Yeah but the same line of code if placed directly in the main page it works as expected. — Sarvap Praharanayuthan, Dec 29 '13 at 16:39
Just make sure [you still can change the HTTP header](http://stackoverflow.com/q/8028957/53114). — Gumbo, Dec 29 '13 at 16:40

score -2 · Answer 1 · answered Dec 29 '13 at 15:39

-2

Maybe you are using Chrome as your browser.

answered Dec 29 '13 at 15:39

redwud

174
3
8

...and how does this relate to the question exactly? – deceze Dec 29 '13 at 16:05

Why secure parameter in setCookie() does not have effect?

1 Answers1