RE: Secure vs httpOnly cookie flag: is one better?


 



Andrew,

Wow, copied and pasted in the wrong link... no wonder it made no sense - WHOOPS!!
The correct link is: http://blog.mattmecham.com/2006/09/12/http-only-cookies-without-php-52/comment-page-1/#comment-14609

Below are the methods I WAS working with (similar to your recommendation last week - thank you), expanded with the recommendations from the blog post above.

@setcookie( $name, $value, $expires, $path, $domain . '; HttpOnly' ); // sets http flag but not secure (not included)
@setcookie( $name, $value, $expires, $path, $domain, TRUE ); // sets secure but not http (not included)
@setcookie( $name, $value, $expires, $path, $domain, TRUE . '; HttpOnly' ); // sets secure but not http (included)


What I've landed on in case this helps anyone else is the following:
@setcookie( $name, $value, $expires, $path, $domain . '; secure; HttpOnly' ); // this sets both http flag and secure

What made it work was using the word secure rather than a Boolean value and putting it within the quotes along with HttpOnly. 

Thanks!
Jen



-----Original Message-----
From: Andrew Ballard [mailto:aballard@xxxxxxxxx] 
Sent: Tuesday, August 16, 2011 1:06 PM
To: jen@xxxxxxxxxxxxxxxx
Cc: php-general@xxxxxxxxxxxxx
Subject: Re:  Secure vs httpOnly cookie flag: is one better?

I don't see the relevance of the address you cited above, but if you
are referring to the workaround that I showed you last week --

http://marc.info/?l=php-general&m=131281548332245&w=2

-- you can easily extend the technique to set both flags.


header('Set-Cookie: cookie_name=value; secure; HttpOnly');


Andrew



-- 
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php
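
Added example, not part of either message in this thread: one way to apply the header() technique above with both flags always set, building the Set-Cookie line from separate fields and rejecting any name, path or domain that contains attribute or line separators. The function names build_set_cookie_header and send_secure_cookie are hypothetical and the sample values are constructed.

```php
<?php
// Added example; function names are hypothetical, sample values are constructed.
// On PHP 5.2.0 and later the built-in call takes both flags directly:
//   setcookie($name, $value, $expires, $path, $domain, true, true);

// Characters that would terminate an attribute or the header line.
define('COOKIE_UNSAFE', ",; \t\r\n\013\014");

function build_set_cookie_header($name, $value, $expires = 0, $path = '/', $domain = '')
{
    if ($name === '' || strpbrk($name, '=' . COOKIE_UNSAFE) !== false) {
        throw new InvalidArgumentException('invalid cookie name');
    }
    foreach (array($path, $domain) as $attr) {
        if ($attr !== '' && strpbrk($attr, COOKIE_UNSAFE) !== false) {
            throw new InvalidArgumentException('invalid path or domain');
        }
    }
    $parts = array($name . '=' . rawurlencode($value));
    if ($expires > 0) {
        $parts[] = 'expires=' . gmdate('D, d-M-Y H:i:s', $expires) . ' GMT';
    }
    if ($path !== '') {
        $parts[] = 'path=' . $path;
    }
    if ($domain !== '') {
        $parts[] = 'domain=' . $domain;
    }
    $parts[] = 'secure';    // only sent over HTTPS
    $parts[] = 'HttpOnly';  // not readable from document.cookie
    return 'Set-Cookie: ' . implode('; ', $parts);
}

function send_secure_cookie($name, $value, $expires = 0, $path = '/', $domain = '')
{
    $line = build_set_cookie_header($name, $value, $expires, $path, $domain);
    if (PHP_SAPI !== 'cli' && !headers_sent()) {
        header($line, false); // false: keep any other Set-Cookie headers
    }
    return $line;
}

// Constructed sample: a normal cookie, then a domain carrying a header injection.
echo send_secure_cookie('session_id', 'abc 123', 0, '/', 'example.com'), "\n";
try {
    send_secure_cookie('session_id', 'x', 0, '/', "example.com\r\nX-Injected: 1");
} catch (InvalidArgumentException $e) {
    echo 'rejected: ', $e->getMessage(), "\n";
}
```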



