PHPSESSID cookie is not secure
Posted: Wed Nov 05, 2008 12:28 pm
Hi,
I am having a security vulnerability in my php website that the cookie PHPSESSID is not secure.
The site is over https and SSL certificates.
I have done the following to make the PHPSESSID cookie secure.
1) Changed the php configuration in php.ini file to allow secure cookies ( session.cookie_secure=1)
3) Before starting a session, I made the cookies secure with the INI_Set('session.cookie_secure',1);
But the issue doesnt seems to be resolved, and also I am not able to see the PHPSESSID cookie in my web browser hard disk.
Please help me ....
I am having a security vulnerability in my php website that the cookie PHPSESSID is not secure.
The site is over https and SSL certificates.
I have done the following to make the PHPSESSID cookie secure.
1) Changed the php configuration in php.ini file to allow secure cookies ( session.cookie_secure=1)
3) Before starting a session, I made the cookies secure with the INI_Set('session.cookie_secure',1);
But the issue doesnt seems to be resolved, and also I am not able to see the PHPSESSID cookie in my web browser hard disk.
Please help me ....