
Is there a way to check if a cookie is httponly in PHP

Is there a way to check if the cookie is httponly in php?

malukisses asked Sep 23 '10 15:09


People also ask

How do you check if cookies are HttpOnly?

Press F12, go to the Network tab, and then press Start Capturing. Back in IE, open the page you want to view. Back in the F12 window you should see all the individual HTTP requests; select the one that's the page or asset you're checking the cookies on and double-click on it.

Can you read HttpOnly cookie?

An HttpOnly cookie cannot be accessed by client-side APIs, such as JavaScript. This restriction eliminates the threat of cookie theft via cross-site scripting (XSS). If the browser allowed you to access it then it would be a defect in the browser.

How do I set the HttpOnly flag on cookies in PHP?

Set HttpOnly cookie in PHP: ini_set("session.cookie_httponly", True); This is the most common way to set cookies in PHP; empty variables will hold their default value.

Can you check if HttpOnly cookie exists in JavaScript?

You can indirectly check to see if it exists by trying to set it to a value with JavaScript; if it can't be set, then the HttpOnly cookie must be there (or the user is blocking cookies).


2 Answers

I don't think that's possible, because this information is not included in the raw headers sent by the browser. In fact, it doesn't make sense to send flags like these back to the server, because they are meaningless to the server and only waste bandwidth.

NullUserException answered Oct 21 '22 17:10


Well, yes. You'll find it in the array returned by session_get_cookie_params, as long as your PHP is 5.2.0 or newer.

djn answered Oct 21 '22 16:10
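
An added example, not from either answer: the request's Cookie header carries only name=value pairs, so the flag can only be inspected on the response side. The sketch below parses Set-Cookie lines in the shape headers_list() returns and reads the session cookie's configured setting from session_get_cookie_params(), which covers the session cookie only; httponly_flags() and the sample header lines are constructed for illustration.

```php
<?php
/**
 * Parse header lines and return [cookieName => hasHttpOnly] for every
 * Set-Cookie header found. If a name is set twice, the last one wins.
 */
function httponly_flags(array $headerLines): array
{
    $flags = [];
    foreach ($headerLines as $line) {
        // Header names are case-insensitive; skip everything but Set-Cookie.
        if (stripos($line, 'Set-Cookie:') !== 0) {
            continue;
        }
        $parts = array_map('trim', explode(';', substr($line, strlen('Set-Cookie:'))));
        // First part is name=value; the remaining parts are attributes.
        $name = explode('=', array_shift($parts), 2)[0];
        $flags[$name] = false;
        foreach ($parts as $attr) {
            // Attribute names are case-insensitive as well.
            if (strcasecmp($attr, 'HttpOnly') === 0) {
                $flags[$name] = true;
            }
        }
    }
    return $flags;
}

// Constructed sample, in the format headers_list() produces.
$sample = [
    'Content-Type: text/html; charset=UTF-8',
    'Set-Cookie: PHPSESSID=abc123; path=/; secure; HttpOnly',
    'Set-Cookie: theme=dark; path=/',
    'set-cookie: csrf=xyz; Path=/; httponly; SameSite=Strict',
];

foreach (httponly_flags($sample) as $name => $httpOnly) {
    printf("%-10s HttpOnly: %s\n", $name, $httpOnly ? 'yes' : 'NO');
}

// In a live request, pass headers_list() instead of $sample, before the
// headers are flushed. For the session cookie, check the configured value:
$params = session_get_cookie_params();
printf("session cookie configured HttpOnly: %s\n", $params['httponly'] ? 'yes' : 'NO');
```

Run against the sample, this reports PHPSESSID and csrf as HttpOnly and flags theme as missing the attribute.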