Cookies in my app are not secured and not http only, but they are configured exactly as in example on CakePHP Book 2.0 - Session Configuration.
Configure::write('Session', array(
'defaults' => 'php',
'timeout' => 30,
'cookieTimeout' => 30,
'ini' => array(
'session.cookie_secure' => true,
'session.cookie_httponly' => true
)
));
I am using SSL so this should be done automatically, but it's not happening, not even when I set this manually, see the code above. Cookie timeouts work well.
Any ideas? Thank you very much!