session_set_cookie_params seems to work but cookie

Posted 2019-09-01 03:16

I'm using HTTPS and I would like to set the secure attribute for the PHPSESSID and the other cookies I have created.

session_set_cookie_params(0,'/','', isset($_SERVER["HTTPS"]));
session_start();
$data = session_get_cookie_params();
foreach ($data as $key=>$value) {
    echo $key.$value;
}

The function seems to work; in fact, printing out session_get_cookie_params() shows the secure attribute is equal to 1.
But when I check my cookie state in Firefox or with Firebug+Firecookie, the cookies appear not to be affected at all by the statement. Even changing the domain attribute gives the same results.

I'm working on XAMPP, on Ubuntu and on localhost (localhost should have a special treatment for security issues, maybe). Thanks for your help!

2 Answers
唯我独甜
#2 · 2019-09-01 03:37

Try using a session name when using session_set_cookie_params.

Reference:
PHP session_set_cookie_params
PHP session_name

对你真心纯属浪费
#3 · 2019-09-01 03:52

I had the same issue and using session_name() didn't help. I had to disable session_start() generating the cookie and generate the cookie manually like this:

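// $timeout (seconds) and $cookiePath are not defined in this snippet and must be set beforehand
$sessionID = isset($_COOKIE[session_name()]) ? $_COOKIE[session_name()] : null; // avoids an undefined-index notice on the first visit
ini_set('session.use_cookies', false); // session_start() no longer sends its own cookie
if ($sessionID) session_id($sessionID); // reuse if available
session_start();
// session_set_cookie_params() is not working with a "path" part
// this way every click is extending the session for $timeout more
// setcookie() arguments 6 and 7 are the secure flag (false here) and the httponly flag (true)
setcookie(session_name(), $sessionID ?: session_id(), time() + $timeout, $cookiePath, $_SERVER['HTTP_HOST'], false, true);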

x-powered-by: PHP/5.4.15
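
Added example, not part of the original thread: session_get_cookie_params() reports only the configured values, and session_start() sends Set-Cookie only when it creates a new session, so a PHPSESSID the browser already holds keeps its old attributes until the cookie is re-issued. The sketch below sets Secure and HttpOnly, re-issues the cookie once, and prints the header actually sent; COOKIE_POLICY_VERSION, the cookie_policy session key and the function names are hypothetical.

```php
<?php
// Added example. COOKIE_POLICY_VERSION, 'cookie_policy' and the function names
// are hypothetical; they are not part of PHP or of the original posts.
const COOKIE_POLICY_VERSION = 2; // bump whenever the cookie attributes change

function request_is_https()
{
    // $_SERVER['HTTPS'] can be "off" on some servers (IIS), so isset() alone is not enough.
    return !empty($_SERVER['HTTPS']) && strtolower($_SERVER['HTTPS']) !== 'off';
}

function start_hardened_session()
{
    // Cookie params only apply if they are set before the session starts.
    if (session_status() === PHP_SESSION_ACTIVE) {
        throw new RuntimeException('session already active; cookie params would be ignored');
    }
    // lifetime 0 = browser session, path '/', host-only cookie, Secure, HttpOnly
    session_set_cookie_params(0, '/', '', request_is_https(), true);
    session_start();

    // An existing browser cookie is not re-sent by session_start(), so it keeps its
    // old attributes. Re-issue it once per policy version.
    if (!isset($_SESSION['cookie_policy'])
        || $_SESSION['cookie_policy'] !== COOKIE_POLICY_VERSION) {
        session_regenerate_id(true); // new ID and a fresh Set-Cookie with current params
        $_SESSION['cookie_policy'] = COOKIE_POLICY_VERSION;
    }
}

function emitted_session_cookie()
{
    // Check the response header itself rather than the configured parameters.
    $prefix = 'Set-Cookie: ' . session_name() . '=';
    $found = null;
    foreach (headers_list() as $header) {
        if (stripos($header, $prefix) === 0) {
            $found = $header; // keep the last one; that is the value the browser stores
        }
    }
    return $found;
}

start_hardened_session();
$cookie = emitted_session_cookie();
header('Content-Type: text/plain');
echo $cookie === null ? "no Set-Cookie sent on this request\n" : $cookie . "\n";
```

Run it under the web server rather than the CLI, where headers_list() returns nothing. The second request with the same browser should print "no Set-Cookie sent on this request", which is the behaviour that hides attribute changes from an existing cookie.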
