I’d like to know how to set cookies as HTTPOnly in Codeigniter. I reviewed

Question

0

Asked: June 3, 20262026-06-03T13:21:40+00:00 2026-06-03T13:21:40+00:00

I’d like to know how to set cookies as HTTPOnly in Codeigniter. I reviewed

0

I’d like to know how to set cookies as HTTPOnly in Codeigniter. I reviewed the documentation and didn’t see how to set this flag.

I was also looking to set the secure flag for cookies and found it in the config.php file:

$config['cookie_secure'] = TRUE;

But there wasn’t an HTTPOnly option in config.php.

How do I set all cookies to HTTPOnly? And if it’s done in the framework, it would be helpful to know where that code is for my own learning (and what the default is).

Report

Leave an answer
Cancel reply

You must login to add an answer.

Need An Account,

1 Answer

Editorial Team · Answer 1 · 2026-06-03T13:21:41+00:00

Luckily you can view the source code for Session.php on GitHub

In function _set_cookie you will see:

// Set the cookie
setcookie(
    $this->sess_cookie_name,
    $cookie_data,
    $expire,
    $this->cookie_path,
    $this->cookie_domain,
    $this->cookie_secure,
    $this->cookie_httponly
);

The value for $this->cookie_httponly is assigned in __construct and the default is FALSE but you can set it to TRUE through config.php as follows:

$config['cookie_httponly'] = TRUE;

This will enable your cookies within the framework to be HTTPOnly.

Sign Up

Sign In

Forgot Password

The Archive Base Latest Questions

I’d like to know how to set cookies as HTTPOnly in Codeigniter. I reviewed

Leave an answerCancel reply

1 Answer

Leave an answer
Cancel reply