-1

So i have my code where i use session

$session->start();
if (...){
...
$session->set('session', $someVar);
}

And Ive got some problem when i try in console document.cookie. How can i set cookie_httponly, im using symfony. And where should i set it? i tried to set it in the same file where i used $session->start(); 

ini_set('session.cookie_httponly', 1);
class Class 
{
$session->start();
if (...){
...
$session->set('session', $someVar);
}
}

Was it right?

frozenme
  • 19
  • 1
  • 3

1 Answers1

1

Set PHP.ini values then set session cookie parameters before you start session.

ini_set("session.cookie_domain",".".$_SERVER['SERVER_NAME']);
ini_set("session.cookie_secure",true);
ini_set("session.cookie_httponly",true);

session_set_cookie_params(
    0, 
    "/", 
    ini_get("session.cookie_domain"),
    ini_get("session.cookie_secure"),
    ini_get("session.cookie_httponly")
); 

session_start();

To set cookie:

setCookie(
    $cookie_name="CookieName",
    $cookie_value="CookieValue",
    $cookie_lifetime=time()+31536000, // 1 Year
    $cookie_path="/",
    ini_get("session.cookie_domain"),
    ini_get("session.cookie_secure"),
    ini_get("session.cookie_httponly")
)

Refer to the official PHP Manual for more details.

Nelson Rakson
  • 558
  • 3
  • 14