I have a question: is it possible to encrypt the cookies for my API in PHP?
I have this code so that it is not used directly, or they need an account to be able to use my API:
include('../../info.php'); // the session code is in here
if (!isset($_SESSION['user'])) { // 'user' is the user_type in my DB
    // No logged-in session: answer 401 and stop
    header("HTTP/1.1 401");
    readfile('../../error/401.html');
    exit();
}
// Reject GET requests made directly to this script
if ($_SERVER['REQUEST_METHOD'] == 'GET' && realpath(__FILE__) == realpath($_SERVER['SCRIPT_FILENAME'])) {
    http_response_code(401);
    header('HTTP/1.0 401 Unauthorized', TRUE, 401);
    readfile('../../error/401.html'); // readfile() prints the file itself
    exit();
}
But when I try Postman with my cookies, it still gives me the response of the API instead of the 401 response code; if I disable cookies in Postman, I get 401.
How do I secure my API?