Hi,
I am having a security vulnerability in my php website that the cookie PHPSESSID is not secure.
The site is over https and SSL certificates.
I have done the following to make the PHPSESSID cookie secure.
1) Changed the php configuration in php.ini file to allow secure cookies ( session.cookie_secure=1)
3) Before starting a session, I made the cookies secure with the INI_Set('session.cookie_secure',1);
But the issue doesnt seems to be resolved, and also I am not able to see the PHPSESSID cookie in my web browser hard disk.
Please help me ....
PHPSESSID cookie is not secure
Moderator: General Moderators
-
manimekala
- Forum Newbie
- Posts: 2
- Joined: Wed Oct 22, 2008 5:55 pm
Re: PHPSESSID cookie is not secure
What do you mean it's not secure? That just means it won't be sent over a secure connection. How do you know it's being sent over an insecure connection?