Welcome to OStack Knowledge Sharing Community for programmer and developer-Open, Learning and Share
Welcome To Ask or Share your Answers For Others

Categories

0 votes
655 views
in Technique[技术] by (71.8m points)

php - "secure" parameter in session_set_cookie_params

I am interested in learning more about the secure parameter of the function session_set_cookie_params().

Can you tell me how to utilize this properly? If this function is executed on a page that is not secure (but on a server that does have SSL), will it somehow send it securely or do I have to force SSL on the page this function is executed from on my own?

See Question&Answers more detail:os

与恶龙缠斗过久,自身亦成为恶龙;凝视深渊过久,深渊将回以凝视…
Welcome To Ask or Share your Answers For Others

1 Answer

0 votes
by (71.8m points)

It means that the client will only send that cookie through a secure (HTTPS) connection. This means you'll have to forward the user to a secure URL in order for the cookie to get sent to the server.

You can set a secure cookie through an insecure connection, though you obviously should not (otherwise the value of the cookie may be sniffed). Since a secure cookie can be changed by an insecure connection, you cannot trust that the cookie value was not corrupted by a third party that intercepted and changed the contents of an insecure HTTP request to your site. Therefore, depending on how you're using the secure cookie, you may need to validate its contents.


与恶龙缠斗过久,自身亦成为恶龙;凝视深渊过久,深渊将回以凝视…
Welcome to OStack Knowledge Sharing Community for programmer and developer-Open, Learning and Share
Click Here to Ask a Question

...