So I am using this legacy application which is in PHP 4. I am trying to set the httponly flag and secure flag on.

This is my code:

header( "Set-Cookie:". $cookieName."=".$sessId."; expires=".$expireSeconds."; sessionID=".$sessId.";path=".$path."; domain=".$domain."; httponly; secure");

The secure flag is set on but the httponly is not.

Could it be because the URL uses the https protocol?

EDIT: Also, does the expire field take seconds? Right now, $expireSeconds=14400; How do I modify the code to rectify this if it doesn't expect seconds as a parameter?

Micheal

1 Answer

Why are you doing it via header() when there's setcookie() available? This function is available in PHP4.

setcookie($cookieName, $sessId, $expireSeconds, $path, $domain, true, true);
                                                                ^--secure
                                                                      ^--http 
Marc B
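
An added example, not code from the question or the answer: the seventh (httponly) argument of setcookie() exists only from PHP 5.2.0, so on PHP 4 the Set-Cookie header has to be built by hand, with expires given as an absolute GMT date rather than a number of seconds. The helper name build_set_cookie_header() and the sample values are assumptions made for illustration.

```php
<?php
// Added example; written without PHP 5+ syntax so it also runs on PHP 4.
// build_set_cookie_header() is a hypothetical helper name.
function build_set_cookie_header($name, $value, $lifetime, $path, $domain, $secure, $httpOnly)
{
    // Reject separators and control characters so neither the name nor the
    // attributes can smuggle an extra attribute or a CR/LF into the header.
    if (!preg_match('/^[A-Za-z0-9_.-]+$/', $name)) {
        return false;
    }
    if (preg_match('/[;,\s\x00-\x1f\x7f]/', $path . $domain)) {
        return false;
    }

    // rawurlencode() keeps ';', '=', spaces and line breaks out of the value.
    $header = 'Set-Cookie: ' . $name . '=' . rawurlencode($value);

    if ($lifetime > 0) {
        // expires is an absolute HTTP date in GMT, not a count of seconds.
        $header .= '; expires=' . gmdate('D, d-M-Y H:i:s', time() + $lifetime) . ' GMT';
    }
    if ($path != '') {
        $header .= '; path=' . $path;
    }
    if ($domain != '') {
        $header .= '; domain=' . $domain;
    }
    if ($secure) {
        $header .= '; secure';
    }
    if ($httpOnly) {
        $header .= '; HttpOnly';
    }
    return $header;
}

// Constructed sample values; 14400 is the lifetime from the question.
$line = build_set_cookie_header('SESSID', 'abc123', 14400, '/', 'example.com', true, true);
if ($line !== false) {
    // Second argument false = append, so Set-Cookie headers already queued are kept.
    header($line, false);
}
```

To confirm both flags reached the client, inspect the raw response headers rather than reading the cookie from script, since an HttpOnly cookie is hidden from document.cookie by design.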