Last active
March 20, 2025 22:08
-
-
Save putWorkDev/5942093585bf792db392 to your computer and use it in GitHub Desktop.
Security with cookies: - PREVENTING SESSION HIJACKING
- PREVENTING SESSION FIXATION
- Uses a secure connection (HTTPS) if possible
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| With .htaccess just need to add these flags: | |
| php_value session.cookie_httponly 1 | |
| php_value session.cookie_secure 1 |
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| <?php | |
| // **PREVENTING SESSION HIJACKING** | |
| // Prevents javascript XSS attacks aimed to steal the session ID | |
| ini_set('session.cookie_httponly', 1); | |
| // **PREVENTING SESSION FIXATION** | |
| // Session ID cannot be passed through URLs | |
| ini_set('session.use_only_cookies', 1); | |
| // Uses a secure connection (HTTPS) if possible | |
| ini_set('session.cookie_secure', 1); | |
| // OR if u want to add directly to setcookie function | |
| setcookie("name", "value", NULL, NULL, NULL, TRUE, NULL); | |
| ?> |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment