ini_set('session.cookie_httponly', 1);
more information here on the PHP docs
More Related Contents:
- PHP Session Fixation / Hijacking
- xss attack on a php page
- How Secure Is This Login System? (Using Cookies In PHP)
- How can I sanitize user input with PHP?
- How can I store my users’ passwords safely?
- How to create a secure mysql prepared statement in php?
- Simplest two-way encryption using PHP
- Full Secure Image Upload Script
- What does it mean to escape a string?
- Check if cookies are enabled
- PHP $_SERVER[‘HTTP_HOST’] vs. $_SERVER[‘SERVER_NAME’], am I understanding the man pages correctly?
- PHP MySQLI Prevent SQL Injection [duplicate]
- How to fake $_SERVER[‘REMOTE_ADDR’] variable?
- Best way to defend against mysql injection and cross site scripting
- Are mysql_real_escape_string() and mysql_escape_string() sufficient for app security?
- Login without HTTPS, how to secure?
- Is it safe to trust $_SERVER[‘REMOTE_ADDR’]?
- how safe are PDO prepared statements
- How to get rid of eval-base64_decode like PHP virus files?
- How can I relax PHP’s open_basedir restriction?
- How to run PHP exec() as root?
- Hiding true database object ID in url’s
- CodeIgniter – why use xss_clean
- How to enable DDoS protection?
- Is htmlspecialchars enough to prevent an SQL injection on a variable enclosed in single quotes?
- Why should I use $_GET and $_POST instead of $_REQUEST? [duplicate]
- What is the difference between session_unset() and session_destroy() in PHP?
- Codeigniter CSRF – how does it work
- How to protect my source code when deployed?
- PHP authentication with multiple domains and subdomains