
PHPSESSID cookie is not secure

Posted: Wed Nov 05, 2008 12:28 pm
by manimekala
Hi,

I have a security vulnerability in my PHP website: the cookie PHPSESSID is not secure.
The site is over https and SSL certificates.
I have done the following to make the PHPSESSID cookie secure.
1) Changed the PHP configuration in the php.ini file to allow secure cookies (session.cookie_secure=1)
3) Before starting a session, I made the cookies secure with ini_set('session.cookie_secure', 1);

But the issue doesn't seem to be resolved, and I am also not able to see the PHPSESSID cookie on my web browser's hard disk.

Please help me ....

Re: PHPSESSID cookie is not secure

Posted: Fri Nov 07, 2008 8:37 am
by josh
What do you mean it's not secure? That just means it won't be sent over a secure connection. How do you know it's being sent over an insecure connection?
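
An added example (not part of the original thread): one way to check what the server actually sends is to inspect the Set-Cookie response headers for PHPSESSID and see whether the Secure attribute is present and whether the cookie carries an expiry. The header lines and the function names below are constructed for illustration.

```python
# Audit Set-Cookie response headers for the PHP session cookie.
# The header lines are constructed sample data, not captured traffic.

SAMPLE_INSECURE = [
    "Set-Cookie: PHPSESSID=4f2a9c0e1b7d; path=/",
    "Set-Cookie: theme=secure-dark; path=/; Secure",  # "secure" in a value must not count
]
SAMPLE_SECURE = [
    "Set-Cookie: PHPSESSID=4f2a9c0e1b7d; path=/; secure",
]


def parse_set_cookie(line):
    """Split one header line into (name, value, attrs); None if not Set-Cookie."""
    field, _, rest = line.partition(":")
    if field.strip().lower() != "set-cookie":
        return None
    parts = [p.strip() for p in rest.split(";")]
    name, _, value = parts[0].partition("=")
    attrs = {}
    for part in parts[1:]:
        if not part:
            continue
        key, _, val = part.partition("=")
        attrs[key.strip().lower()] = val.strip()  # attribute names are case-insensitive
    return name.strip(), value, attrs


def audit_session_cookie(header_lines, cookie_name="PHPSESSID"):
    """Return flags for the named cookie, or None if the response did not set it."""
    result = None
    for line in header_lines:
        parsed = parse_set_cookie(line)
        if parsed is None or parsed[0] != cookie_name:
            continue
        attrs = parsed[2]
        result = {
            "secure": "secure" in attrs,
            # No Expires/Max-Age means a session cookie, dropped when the browser closes.
            "persistent": "expires" in attrs or "max-age" in attrs,
        }
    return result


if __name__ == "__main__":
    print("insecure sample:", audit_session_cookie(SAMPLE_INSECURE))
    print("secure sample:  ", audit_session_cookie(SAMPLE_SECURE))
```

PHP only sends Set-Cookie for the session when it issues a new session ID, so run the check against a response to a request made without an existing PHPSESSID cookie; a `None` result otherwise just means no cookie was set in that response.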