2014-01-17 22:31

PHP session.cookie_secure does not actually set the cookie as secure

In my php.ini confirmed I have:

session.cookie_secure = 1

Also, doing:

<?php print_r(session_get_cookie_params()); ?>

Results in:

Array ( [lifetime] => 0 [path] => / [domain] => [secure] => 1 [httponly] => 1 )

However, inspecting a page in my application with Chrome Developer Tools and going to cookies, it lists that the session cookie is not secure, and not HTTP only.


1 answer

  • dongyuqi3808 2014-01-20 18:39

    Similar to my answer in another question, Chrome developer tools always show blank Secure and HTTP attributes when the cookie is sent in the request. This is because the fact that a cookie is secure or HTTP only is not actually sent in an HTTP request. All that is sent is the name/value pair in the Cookie HTTP request header:

    Cookie: name=value

    Try an extension such as Edit This Cookie which will show whether the cookie has been successfully set as secure and HTTP Only.
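
The check the answer points to can be done on the response's Set-Cookie header rather than on the request's Cookie header. The following is an added example, not part of the original question or answer; the header blocks, the host name `example.test` and the function names are constructed for illustration.

```python
from http.cookies import SimpleCookie

# Constructed sample traffic (not captured from the asker's site).
# Response that first sets the session cookie:
SAMPLE_RESPONSE_HEADERS = (
    "HTTP/1.1 200 OK\r\n"
    "Content-Type: text/html\r\n"
    "Set-Cookie: PHPSESSID=abc123; path=/; secure; HttpOnly\r\n"
    "Set-Cookie: theme=dark; path=/\r\n"
    "\r\n"
)
# Later request in which the browser sends the same cookies back:
SAMPLE_REQUEST_HEADERS = (
    "GET /account HTTP/1.1\r\n"
    "Host: example.test\r\n"
    "Cookie: PHPSESSID=abc123; theme=dark\r\n"
    "\r\n"
)

def header_values(raw, name):
    """Return every value of header `name` (case-insensitive) in a raw header block."""
    values = []
    for line in raw.split("\r\n")[1:]:  # skip the request/status line
        key, sep, value = line.partition(":")
        if sep and key.strip().lower() == name.lower():
            values.append(value.strip())
    return values

def cookie_flags(raw, header):
    """Map cookie name -> {'secure': bool, 'httponly': bool} as visible in `header`."""
    flags = {}
    for value in header_values(raw, header):
        jar = SimpleCookie()
        jar.load(value)
        for name, morsel in jar.items():
            flags[name] = {"secure": bool(morsel["secure"]),
                           "httponly": bool(morsel["httponly"])}
    return flags

def missing_flags(raw_response):
    """Names of cookies set without both Secure and HttpOnly."""
    return sorted(n for n, f in cookie_flags(raw_response, "Set-Cookie").items()
                  if not (f["secure"] and f["httponly"]))

if __name__ == "__main__":
    print("Set-Cookie:", cookie_flags(SAMPLE_RESPONSE_HEADERS, "Set-Cookie"))
    print("Cookie:    ", cookie_flags(SAMPLE_REQUEST_HEADERS, "Cookie"))
    print("missing:   ", missing_flags(SAMPLE_RESPONSE_HEADERS))
```

To audit a real site, pass the response headers of a request that creates a fresh session to `missing_flags`; a response to a request that already carries the session cookie usually contains no Set-Cookie line for it.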
