Is there a way to check if a cookie is httponly in PHP

Question

Is there a way to check if the cookie is httponly in php?

For cookies that are *about to be set*, you can query `session_get_cookie_params()`. For cookies that are being set *in the current request*, you can use [`ResponseHeader::get('Cookie')`](https://github.com/delight-im/PHP-HTTP/blob/master/src/ResponseHeader.php#L23) and [`Cookie::parse($cookieHeader)`](https://github.com/delight-im/PHP-Cookie/blob/004cde69ec840e65c15275e09b92ecb1da06f357/src/Cookie.php#L287). And, finally, for all cookies that *have already* been set, you're out of luck. — caw, Sep 21 '16 at 02:49

score 5 · Answer 1 · answered Sep 23 '10 at 15:30

5

I don't think that's possible, because this information is not included in the raw headers sent by the browser. In fact, it doesn't make sense to send flags like these back to the server, because they are meaningless to the server and only wastes bandwidth.

answered Sep 23 '10 at 15:30

NullUserException

83,810
28
209
234

score 1 · Accepted Answer · answered Sep 23 '10 at 20:39

1

Well, yes. You'll find it in the array returned by session_get_cookie_params, as long as your PHP is 5.2.0 or newer.

answered Sep 23 '10 at 20:39

djn

3,950
22
21

1

The OP is reffering to any cookie and your answer seems to be only about session cookie. – Sergey Grechin May 24 '16 at 13:54
NO! `session_get_cookie_params()` just gets global values from `php.ini`, not for specific cookie. – T.Todua Feb 17 '18 at 08:59

Is there a way to check if a cookie is httponly in PHP

2 Answers2

Linked