Skip to content
Advertisement

How to set a cookie with the secure flag in PHP?

enter image description hereI want to set the httponly and secure flag true in my code but when i am trying to set that cookie. In that case cookie is not created and am unable to login to site.

ini_set('session.cookie_httponly', 1);
ini_set('session.cookie_secure', 1); 
session_name('sim');
$_SESSION['nons']=rand(1,999999999);
$value=md5($_SERVER["REMOTE_ADDR"]." ".$_SERVER["HTTP_USER_AGENT"]." ".$_SESSION['nons']);
$_SESSION['sim']=$value;
session_start();
session_regenerate_id();

This is the code which is using to create the session cookie after removing the below line code will work perfectly

ini_set('session.cookie_httponly', 1);
ini_set('session.cookie_secure', 1); 

But for security purpose i need to set the cookie flag one

Advertisement

Answer

The secure flag means “This cookie is only valid over HTTPS”.

You are using HTTP (without the S).

This means the cookie is invalid and the browser is correctly ignoring it.

You can’t require that cookies be secure if your communication channel isn’t.

User contributions licensed under: CC BY-SA
7 People found this is helpful
Advertisement