How to set cookies HTTPOnly and secure attributes?

Question

How to check cookies HTTPOnly and secure attribute?

I have an issue with cookies not containing the HTTPOnly and secure attribute.

So I use this code to solve it.

<?php
$name_cookie = '1';
$value_cookie = '2';
$expirationTime_cookie = 0;    // Session cookie.
$path_cookie = '/';
$domain_cookie = 'example.com';
$isSecure_cookie = true;
$isHttpOnly_cookie = true;
setcookie($name_cookie, $value_cookie, $expirationTime_cookie, $path_cookie, $domain_cookie, $isSecure_cookie, $isHttpOnly_cookie);
?>

I want to know, if I use the above code, will the issue with cookies not containing the HTTPOnly and secure attributes, be solved or not?

Possible duplicate of [Set httpOnly and secure on PHPSESSID cookie in PHP](http://stackoverflow.com/questions/6821883/set-httponly-and-secure-on-phpsessid-cookie-in-php) — markwalker_, Jun 21 '16 at 18:54
So, did you try it yourself and it didn't work or what is your problem? Because I see the `secure` and `httponly` get set in the HTTP response. — gre_gor, Jun 21 '16 at 20:57

score 2 · Answer 1 · answered Nov 04 '16 at 07:38

2

At webserver config:

php_flag session.cookie_httponly on
php_flag session.cookie_secure on

or in your PHP code, above cookie use:

ini_set( 'session.cookie_httponly', 1 );
ini_set( 'session.cookie_secure', 1 );

answered Nov 04 '16 at 07:38

Kunegunda Gburia-Furia

23
6

How to set cookies HTTPOnly and secure attributes?

1 Answers1