Thanks, Andrew! I am unfortunately not even running 5.2..so that helps. Jen -----Original Message----- From: Andrew Ballard [mailto:aballard@xxxxxxxxx] Sent: Monday, August 08, 2011 9:57 AM To: jen@xxxxxxxxxxxxxxxx Cc: php-general@xxxxxxxxxxxxx Subject: Re: PHP Security: Best Practices On Mon, Aug 8, 2011 at 10:08 AM, Jen Rasmussen <jen@xxxxxxxxxxxxxxxx> wrote: [snip] > > On a side note, PHP versions prior to 5.3+ do not allow to set the httponly > flag as a cookie parameter, is there any acceptable alternative for this? I believe that has been supported since 5.2.0. As for a workaround for versions before that, I found this pretty quickly through Google: http://stackoverflow.com/questions/36877/how-do-you-set-up-use-httponly-cookies-in-php Andrew -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
