PHP session.cookie_secure实际上并没有将cookie设置为安全
[英]PHP session.cookie_secure does not actually set the cookie to secure
问题描述
In my php.ini confirmed I have: 
在我的php.ini确认我有:
session.cookie_secure = 1
Also, doing: 另外,做:
<?php print_r(session_get_cookie_params()); ?>
Results in: 结果是:
Array ( [lifetime] => 0 [path] => / [domain] => [secure] => 1 [httponly] => 1 )
However, inspecting a page in my application with Chrome Developer tools, going to cookies, it lists that sessions cookie is not secure, and not http only. 然而,在我和Chrome开发者工具的应用中检查页面,将饼干,它列出了会话cookie被不安全的,只有不是http。
1 个解决方案
解决方案1
2 已采纳 2014-01-20 18:39:22
Similar to my answer in another question , Chrome developer tools always show blank Secure and HTTP attributes when the cookie is sent in the request. 与我在另一个问题中的答案类似,Chrome开发人员工具在请求中发送Cookie时始终显示空白的Secure和HTTP属性。 This is because the fact that a cookie is secure or HTTP only is not actually sent in a HTTP request. 这是因为cookie是安全的或仅HTTP实际上并未在HTTP请求中发送。 All that is sent is the name/value pair in the Cookie HTTP request header: 发送的所有内容都是Cookie HTTP请求标头中的名称/值对:
Cookie: name=value
Try an extension such as Edit This Cookie which will show whether the cookie has been successfully set as secure and HTTP Only. 尝试使用编辑此Cookie的扩展程序,该扩展程序将显示Cookie是否已成功设置为安全且仅限HTTP。
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.