Menu
I want to set secure flag for cookies data when accessing content over HTTPS.
The cookies is used on entire application so need to global configuration to secure all the cookies.
637
Launch Google Chrome and go to either WEB or CAWEB portal website. Press F12 (from Keyboard) to launch Developer Tools. Go to Application tab -> Cookies ( left Panel) and ensure the Secure column was ticked.
Set HttpOnly cookie in PHP The following line sets the HttpOnly flag for session cookies - make sure to call it before you call session_start(): ini_set("session. cookie_httponly", True); This is the most common way to set cookies in PHP, empty variables will hold their default value.
To enable Secure flag for JSESSIONID session cookie, you can add attribute secure="true" to the <connector> you use in the web subsystem of your standalone(-*). xml or domain. xml .
You need to override the default setting using session_set_cookie_params, set the $secure flag to true,
void session_set_cookie_params ( int $lifetime [, string $path [, string $domain [, bool $secure = false [, bool $httponly = false ]]]] ) more info at php.net
In laravel you need to alter the config/session.php configuration,set the secure flag to true
/* |-------------------------------------------------------------------------- | HTTPS Only Cookies |-------------------------------------------------------------------------- | | By setting this option to true, session cookies will only be sent back | to the server if the browser has a HTTPS connection. This will keep | the cookie from being sent to you if it can not be done securely. | */ 'secure' => true, In newer versions of laravel you can simply set the SESSION_SECURE_COOKIE=true in the .env file
151
You can set the value of secure true in your config/session.php file as illustrated below;
'secure' => env( 'SESSION_SECURE_COOKIE', true ), If you love us? You can donate to us via Paypal or buy me a coffee so we can maintain and grow! Thank you!
Donate Us With
