PHPSESSID cookie is not secure

Discussions of secure PHP coding. Security in software is important, so don't be afraid to ask. And when answering: be anal. Nitpick. No security vulnerability is too small.

Moderator: General Moderators

manimekala
Forum Newbie
Posts: 2
Joined: Wed Oct 22, 2008 5:55 pm

PHPSESSID cookie is not secure

Post by manimekala »

Hi,

I have a security vulnerability in my PHP website: the cookie PHPSESSID is not secure.
The site is served over HTTPS with SSL certificates.
I have done the following to make the PHPSESSID cookie secure.
1) Changed the PHP configuration in the php.ini file to allow secure cookies (session.cookie_secure=1)
3) Before starting a session, I made the cookies secure with ini_set('session.cookie_secure', 1);

But the issue doesn't seem to be resolved, and also I am not able to see the PHPSESSID cookie on my web browser's hard disk.

Please help me ....
josh
DevNet Master
Posts: 4872
Joined: Wed Feb 11, 2004 3:23 pm
Location: Palm beach, Florida

Re: PHPSESSID cookie is not secure

Post by josh »

What do you mean it's not secure? That just means it won't be sent over a secure connection. How do you know it's being sent over an insecure connection?
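One way to check whether the session.cookie_secure setting discussed in this thread actually took effect is to inspect the Set-Cookie headers the server sends. The following is an added example, not code from either poster; the two sample responses are constructed, and the function names `parse_set_cookie` and `audit_session_cookie` are hypothetical.

```python
"""Check raw HTTP response headers for the Secure attribute on PHPSESSID."""

# Constructed sample responses (not captured from any real site).
INSECURE_RESPONSE = (
    "HTTP/1.1 200 OK\r\n"
    "Content-Type: text/html\r\n"
    "Set-Cookie: PHPSESSID=constructedsessionid0001; path=/\r\n"
    "\r\n"
)
SECURE_RESPONSE = (
    "HTTP/1.1 200 OK\r\n"
    "Set-Cookie: lang=en; path=/\r\n"
    "Set-Cookie: PHPSESSID=constructedsessionid0002; path=/; secure\r\n"
    "\r\n"
)


def parse_set_cookie(value):
    """Split one Set-Cookie value into (name, set of lower-cased attribute names)."""
    parts = [p.strip() for p in value.split(";")]
    name = parts[0].split("=", 1)[0].strip()
    # Attribute names are case-insensitive, so "secure" and "Secure" are the same flag.
    attrs = {p.split("=", 1)[0].strip().lower() for p in parts[1:] if p}
    return name, attrs


def audit_session_cookie(raw_headers, cookie_name="PHPSESSID"):
    """Return a list of findings; an empty list means every copy carried Secure."""
    findings = []
    seen = False
    for line in raw_headers.split("\r\n")[1:]:  # skip the status line
        if not line:
            break  # blank line ends the header block
        field, _, value = line.partition(":")
        if field.strip().lower() != "set-cookie":
            continue
        name, attrs = parse_set_cookie(value)
        if name != cookie_name:
            continue
        seen = True
        if "secure" not in attrs:
            findings.append(f"{cookie_name} set without Secure")
    if not seen:
        # No Set-Cookie for the session cookie in this response, so nothing to judge.
        findings.append(f"{cookie_name} not set in this response")
    return findings


if __name__ == "__main__":
    for label, resp in (("insecure", INSECURE_RESPONSE), ("secure", SECURE_RESPONSE)):
        print(label, audit_session_cookie(resp) or "ok")
```

Feed it the header block of a response that creates a new session, since a response that does not set PHPSESSID gives nothing to check.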