Re: Secure vs httpOnly cookie flag: is one better?

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



On Tue, Aug 16, 2011 at 1:01 PM, Jen Rasmussen <jen@xxxxxxxxxxxxxxxx> wrote:
> Thank you in advance for your input on my question here .
>
>
>
> I am currently running PHP 5.1.6 and would prefer to set both the secure and
> httpOnly flags for a session cookie,
>
> however, httpOnly is not added until PHP 5.2. I have found an elegant way to
> set it ( courtesy of : http://www.youtube.com/watch?v=UW0UhYfs1es ) but I am
> unable to set both the secure and the httpOnly flags. I realize the post is
> quite old, but doh!, so is my version of PHP J
>
>
>
> My guess is that if forced to choose, I should opt for secure but would
> prefer to do so with any opinions you may offer in mind.

I don't see the relevance of the address you cited above, but if you
are referring to the workaround that I showed you last week --

http://marc.info/?l=php-general&m=131281548332245&w=2

-- you can easily extend the technique to set both flags.


header('Set-Cookie: cookie_name=value; secure; HttpOnly');


Andrew

-- 
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php



[Index of Archives]     [PHP Home]     [Apache Users]     [PHP on Windows]     [Kernel Newbies]     [PHP Install]     [PHP Classes]     [Pear]     [Postgresql]     [Postgresql PHP]     [PHP on Windows]     [PHP Database Programming]     [PHP SOAP]

  Powered by Linux