
How to secure cookies in php?

How does session_set_cookie_params work? I want to ensure all cookies are set with httponly=true and secure=true. But instead of adding these arguments to every call to setcookie(), can I just set them in session_set_cookie_params() before session_start()? And henceforth, every call to setcookie sets those params in each and every cookie? That would save a lot of tedious (and surely error-prone) work. I would imagine something like this:

$cookieParams = session_get_cookie_params();
$cookieParams['httponly'] = true;
$cookieParams['secure'] = true;
session_set_cookie_params($cookieParams);
session_start();

So now, if I do:

 setcookie("ABC_user", "", time()+3600);

That cookie has those params set in arguments 6 and 7? Is there a way to check that it works? Or is there an even better way to accomplish this?

This simple code will give you what you want.

function set_cookie($name, $content, $time) {
    $http_only = true;
    $secure = true;
    $path = "/";
    $domain = ".example.com"; // Include all subdomains
    setcookie($name, $content, $time, $path, $domain, $secure, $http_only);
}

set_cookie("ABC_user", "", time() + 3600);
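
On the question's "is there a way to check that it works?": session_set_cookie_params() configures only the session cookie that session_start() sends, and setcookie() calls do not inherit it. The following is an added example, not part of the original question or answer: a wrapper built on the setcookie() options array (PHP 7.3+) and a check over the response's Set-Cookie headers. The names set_secure_cookie and find_weak_cookies and the sample headers are assumptions made for illustration.

```php
<?php
// Added example (not from the original post). Requires PHP 7.3+ for the
// options-array form of setcookie(). Function names are hypothetical.

/** Set a cookie with Secure and HttpOnly always applied, SameSite=Lax by default. */
function set_secure_cookie(string $name, string $value, int $expires, array $extra = []): bool
{
    $enforced = ['secure' => true, 'httponly' => true];
    $defaults = ['path' => '/', 'samesite' => 'Lax'];
    // Enforced flags are merged last so a caller cannot switch them off.
    $options = array_merge($defaults, $extra, ['expires' => $expires], $enforced);
    return setcookie($name, $value, $options);
}

/**
 * Return [cookie name => missing flags] for every Set-Cookie header that
 * lacks Secure or HttpOnly. In a web request, pass headers_list() after the
 * cookies are set and before output is sent.
 */
function find_weak_cookies(array $headers): array
{
    $weak = [];
    foreach ($headers as $header) {
        if (stripos($header, 'Set-Cookie:') !== 0) {
            continue; // not a cookie header
        }
        $parts = array_map('trim', explode(';', substr($header, strlen('Set-Cookie:'))));
        $name = explode('=', array_shift($parts), 2)[0];
        // Attribute names are case-insensitive; drop any "=value" part.
        $attrs = array_map(function ($p) {
            return strtolower(explode('=', $p, 2)[0]);
        }, $parts);
        $missing = array_values(array_diff(['secure', 'httponly'], $attrs));
        if ($missing) {
            $weak[$name] = $missing;
        }
    }
    return $weak;
}

// Constructed sample: a session cookie with both flags, then a cookie set
// by a plain setcookie() call that carries neither.
$sample = [
    'Content-Type: text/html; charset=UTF-8',
    'Set-Cookie: PHPSESSID=abc123; path=/; secure; HttpOnly',
    'Set-Cookie: ABC_user=deleted; expires=Thu, 01-Jan-1970 00:00:01 GMT; Max-Age=0',
];
print_r(find_weak_cookies($sample));
```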

The technical post webpages of this site follow the CC BY-SA 4.0 protocol. If you need to reprint, please indicate the site URL or the original address.