Sign Up to our social questions and Answers Engine to ask questions, answer people’s questions, and connect with other people.
Login to our social questions & Answers Engine to ask questions answer people’s questions & connect with other people.
Lost your password? Please enter your email address. You will receive a link and will create a new password via email.
Please briefly explain why you feel this question should be reported.
Please briefly explain why you feel this answer should be reported.
Please briefly explain why you feel this user should be reported.
I am interested in learning more about the secure parameter of the function session_set_cookie_params().
Can you tell me how to utilize this properly? If this function is executed on a page that is not secure (but on a server that does have SSL), will it somehow send it securely or do I have to force SSL on the page this function is executed from on my own?
It means that the client will only send that cookie through a secure (HTTPS) connection. This means you’ll have to forward the user to a secure URL in order for the cookie to get sent to the server.
You can set a secure cookie through an insecure connection, though you obviously should not (otherwise the value of the cookie may be sniffed). Since a secure cookie can be changed by an insecure connection, you cannot trust that the cookie value was not corrupted by a third party that intercepted and changed the contents of an insecure HTTP request to your site. Therefore, depending on how you’re using the secure cookie, you may need to validate its contents.