Setting the HttpOnly attribute on cookies in PHP

Source: Internet
Author: User

HttpOnly is a cookie extension introduced by Microsoft. Its main purpose is to mitigate the theft and misuse of cookies.

As we all know, when we log in to a mailbox or forum, the server writes some cookies to our browser. The next time we visit other pages, the browser automatically sends those cookies back, which is how we can view content that requires a login. In other words, login state is essentially built on cookies. If someone obtains the cookie from our logged-in session, personal information is exposed, which is dangerous.

How could someone else obtain a user's cookies? It must be through a malicious program running in the browser. Nothing can be done here about the rogue software that is everywhere these days; HttpOnly is not meant to solve that problem. It is meant to solve the problem of JavaScript access to cookies in the browser. Imagine a Flash program running in your browser being able to get your cookie!

IE6 SP1 introduced support for HttpOnly, which makes it more secure.

Settings in PHP

PHP 5.2 and later support an HttpOnly parameter as well as a global HttpOnly setting in php.ini:
-----------------------------------------------------
session.cookie_httponly =
-----------------------------------------------------

Set the value to 1 or TRUE to enable the HttpOnly attribute globally for the session cookie. It can also be enabled in code:

<?php
// Call this before session_start() so it applies to the session cookie.
ini_set("session.cookie_httponly", 1);
// or: session_set_cookie_params(0, NULL, NULL, NULL, TRUE);
?>

The setcookie and setrawcookie functions also accept a seventh parameter, the HttpOnly option. It is enabled as follows:

<?php
// Arguments: name, value, expires, path, domain, secure, httponly
setcookie("abc", "test", 0, "", "", false, true);
setrawcookie("abc", "test", 0, "", "", false, true);
?>

For versions earlier than PHP 5.1, and for PHP 4, use the header function as a workaround:

<?php header("Set-Cookie: hidden=value; httpOnly"); ?> 
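
To confirm that the flag is actually emitted by any of the methods above, the following added example (not part of the original article) parses Set-Cookie header lines and lists the cookies that lack HttpOnly. The function names and sample headers are constructed for illustration, and the code assumes PHP 7.1 or later.

```php
<?php
// Added example: list cookies whose Set-Cookie header lacks HttpOnly.

/** Split one Set-Cookie line into [cookie name, attribute map]. */
function parse_set_cookie(string $header): array
{
    $value = preg_replace('/^\s*Set-Cookie:\s*/i', '', $header);
    $parts = explode(';', $value);
    // The first segment is name=value; every later segment is an attribute.
    $pair = explode('=', array_shift($parts), 2);
    $attrs = [];
    foreach ($parts as $part) {
        $kv = explode('=', $part, 2);
        // Attribute names are case-insensitive ("HttpOnly", "httpOnly", ...).
        $key = strtolower(trim($kv[0]));
        if ($key !== '') {
            $attrs[$key] = isset($kv[1]) ? trim($kv[1]) : true;
        }
    }
    return [trim($pair[0]), $attrs];
}

/** Return the names of cookies that are set without HttpOnly. */
function cookies_missing_httponly(array $headers): array
{
    $missing = [];
    foreach ($headers as $header) {
        if (stripos(ltrim($header), 'Set-Cookie:') !== 0) {
            continue; // ignore non-cookie headers such as Content-Type
        }
        [$name, $attrs] = parse_set_cookie($header);
        if (!isset($attrs['httponly'])) {
            $missing[] = $name;
        }
    }
    return $missing;
}

// Constructed sample headers (not captured from a real site).
$sample = [
    'Content-Type: text/html',
    'Set-Cookie: PHPSESSID=abc123; path=/; HttpOnly',
    'Set-Cookie: hidden=value; httpOnly',
    'Set-Cookie: theme=httponly; path=/',  // value merely contains the word
    'Set-Cookie: tracker=1; path=/; secure',
];

print_r(cookies_missing_httponly($sample));
```

In a web request, pass the result of headers_list() to cookies_missing_httponly() after all cookies have been set to check what PHP is about to send.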
