How do you set up use HttpOnly cookies in PHP

by

For PHP’s own session cookies on Apache:
add this to your Apache configuration or .htaccess

<IfModule php5_module>
    php_flag session.cookie_httponly on
</IfModule>

This can also be set within a script, as long as it is called before session_start().

ini_set( 'session.cookie_httponly', 1 );

More Related Contents:

  1. xss attack on a php page
  2. How Secure Is This Login System? (Using Cookies In PHP)
  3. How can I sanitize user input with PHP?
  4. What are the best practices for avoiding xss attacks in a PHP site [closed]
  5. The ultimate clean/secure function
  6. Do htmlspecialchars and mysql_real_escape_string keep my PHP code safe from injection?
  7. Best way to defend against mysql injection and cross site scripting
  8. PHP setcookie “SameSite=Strict”?
  9. CodeIgniter – why use xss_clean
  10. How do you configure HttpOnly cookies in tomcat / java webapps?
  11. Session timeouts in PHP: best practices
  12. What encryption algorithm is best for encrypting cookies?
  13. How can I store my users’ passwords safely?
  14. Allow php sessions to carry over to subdomains
  15. How to create a secure mysql prepared statement in php?
  16. Simplest two-way encryption using PHP
  17. PHP login system: Remember Me (persistent cookie) [duplicate]
  18. PHP MySQLI Prevent SQL Injection [duplicate]
  19. How to fake $_SERVER[‘REMOTE_ADDR’] variable?
  20. Login without HTTPS, how to secure?
  21. Is it safe to trust $_SERVER[‘REMOTE_ADDR’]?
  22. How to get rid of eval-base64_decode like PHP virus files?
  23. How to destroy the session cookie correctly with PHP?
  24. How to enable DDoS protection?
  25. XSS filtering function in PHP
  26. How can I set a cookie and then redirect in PHP?
  27. Cookies vs. sessions in PHP
  28. How can I determine a file’s true extension/type programmatically?
  29. How to get cookie’s expire time
  30. Can I serve MP3 files with PHP?

Leave a Comment