I have joust built a website with a login system. After I’ve just got

Question

0

Asked: June 14, 20262026-06-14T01:47:29+00:00 2026-06-14T01:47:29+00:00

I have joust built a website with a login system. After I’ve just got

0

I have joust built a website with a login system. After I’ve just got ready I have scanned it with Acunetix, but I got the following message:

Session Cookie without HttpOnly flag set
Session Cookie without Secure flag set (i guess this is only if I have SSL connection)

So my question would be, that how can I set HttpOnly flag for all my Session data? I’m just using sessions when I log in the users. I’m giving them a session with their userID number and than I’m getting data using that userID.

Is there any simple way that I can set ALL of the session HTTPOnly and secure them, so noone can touch them?

Report

Leave an answer
Cancel reply

You must login to add an answer.

Need An Account,

1 Answer

Editorial Team · Answer 1 · 2026-06-14T01:47:30+00:00

Editorial Team

2026-06-14T01:47:30+00:00Added an answer on June 14, 2026 at 1:47 am

You can either change settings in php.ini, or via ini_set() calls to change session.cookie_secure and session.cookie_httponly values to true.

Alternately, you can use session_set_cookie_params() before starting your session to get the effect you are looking for.

https://www.php.net/manual/en/function.session-set-cookie-params.php

0

Reply
Share
Share

- Report

Sign Up

Sign In

Forgot Password

The Archive Base Latest Questions

I have joust built a website with a login system. After I’ve just got

Leave an answerCancel reply

1 Answer

Leave an answer
Cancel reply