How to set httponly in php: first find and open the "php.ini" file; then set the value of the "session.cookie_httponly" item to 1 or TRUE; then open it through the "setrawcookie" method.
Recommended: "PHP Video Tutorial"
PHP sets the HTTPONLY attribute of Cookie
httponly is Microsoft's extension to cookies. This is mainly to solve the problem that users' cookies may be stolen.
As we all know, when we log in to our mailbox or forum, the server will write some cookies to our browser. When we visit other pages next time, the browser will automatically transfer the cookie, so this is achieved Once you log in, you can see all the content that you need to log in to see. In other words, in essence, all login statuses are based on cookies! Assuming that the cookies we log in are obtained by others, there is a risk of exposing personal information! Of course, think about it, how can anyone else get the customer's cookies? That must be a malicious person's program running in the browser! If it is rogue software that is flying all over the world now, there is no way. httponly is not used to solve this situation. It is used to solve the problem of JavaScript accessing cookies in the browser. Just imagine, a flash program running in your browser can get your cookies!
SP1 of IE6 comes with support for httponly, so it is relatively safe.
Settings in PHP
PHP5.2 and above already support the setting of HttpOnly parameters, and also support the setting of global HttpOnly, which can be set in php.ini
session.cookie_httponly =
Its value is 1 or TRUE to turn on the global Cookie HttpOnly attribute. Of course, it also supports turning it on in the code:
<?php ini_set("session.cookie_httponly", 1);
// or session_set_cookie_params(0, NULL, NULL, NULL, TRUE);
?>Cookie operation function setcookie function and setrawcookie function also specifically add a seventh parameter to do this It is an HttpOnly option. The method to enable it is:
setcookie("abc", "test", NULL, NULL, NULL, NULL, TRUE);
setrawcookie("abc", "test", NULL, NULL, NULL, NULL, TRUE);
For versions earlier than PHP5.1 and PHP4, you need to use the header function to work around it:
<?php header("Set-Cookie: hidden=value; httpOnly"); ?>The above is the detailed content of How to set httponly in php. For more information, please follow other related articles on the PHP Chinese website!
Hot AI Tools
Undresser.AI Undress
AI-powered app for creating realistic nude photos
AI Clothes Remover
Online AI tool for removing clothes from photos.
Undress AI Tool
Undress images for free
Clothoff.io
AI clothes remover
Video Face Swap
Swap faces in any video effortlessly with our completely free AI face swap tool!
Hot Article
Hot Tools
SAP NetWeaver Server Adapter for Eclipse
Integrate Eclipse with SAP NetWeaver application server.
MinGW - Minimalist GNU for Windows
This project is in the process of being migrated to osdn.net/projects/mingw, you can continue to follow us there. MinGW: A native Windows port of the GNU Compiler Collection (GCC), freely distributable import libraries and header files for building native Windows applications; includes extensions to the MSVC runtime to support C99 functionality. All MinGW software can run on 64-bit Windows platforms.
Zend Studio 13.0.1
Powerful PHP integrated development environment
ZendStudio 13.5.1 Mac
Powerful PHP integrated development environment
mPDF
mPDF is a PHP library that can generate PDF files from UTF-8 encoded HTML. The original author, Ian Back, wrote mPDF to output PDF files "on the fly" from his website and handle different languages. It is slower than original scripts like HTML2FPDF and produces larger files when using Unicode fonts, but supports CSS styles etc. and has a lot of enhancements. Supports almost all languages, including RTL (Arabic and Hebrew) and CJK (Chinese, Japanese and Korean). Supports nested block-level elements (such as P, DIV),
