0

I am using PHP to set_cookie with the HttpOnly secure flag to true. This all going well, but i want to know how can i check whether the cookie set is HttpOnly or not, when user come again to site. If i will not be able to check it then user will make cookie from its side and then i will fetch cookie by $_COOKIE["cookie"] and the value will be there (user had set by Javascript or Devloper Tools). I am doing it for logging in the user and remember it through leaving cookie. If there is any other way, then also suggest that.

Jsowa
  • 9,104
  • 5
  • 56
  • 60
Shivam Shukla
  • 73
  • 1
  • 11
  • Does this answer your question? [Check if httponly cookie exists in Javascript](https://stackoverflow.com/questions/9353630/check-if-httponly-cookie-exists-in-javascript) – Jsowa Oct 16 '20 at 17:46
  • @tajni no this not answer my question, I want to check if the cookie which is already set, is HttpOnly or Not in PHP – Shivam Shukla Oct 16 '20 at 17:50
  • That flag is only intended to stop JavaScript from reading the cookie, it doesn't do anything else. On the client-side, when communicating with a server, the browser only sends cookie names and values. Everything else, including expires, secure, htp-only, domain, path, etc. are **not** sent to the server. If you are worried about cookie tampering, you can [sign cookies or switch to sessions](https://stackoverflow.com/q/523629/231316). – Chris Haas Oct 16 '20 at 18:22
  • You must check then if cookie exists on client-side, and server-side and you will get answer comparing them. – Jsowa Oct 16 '20 at 18:28

0 Answers0