Is session.cookie_secure in php.ini automatic?

php session cookies httponly
AllThisOnAnACER picture AllThisOnAnACER · Sep 10, 2014 · Viewed 8.7k times · Source

Simple answer requested: If I put 

session.cookie_httponly=On
session.cookie_secure=On

in the php.ini file for my website, will that automatically turn all the php cookies to secure and httponly, or will I still need to put in true, true into parameter slots 6 and 7 in the cookie itself?

Answer

MrTux picture MrTux · Sep 10, 2014

The answer is yes. Setting this in php.ini is enough (however, I only saw "True" as the setting used instead of "On").

You can verify this by setting these values, restarting your webserver and accessing your site with a browser, e.g. Firefox. Then open "site information", and choose "security" tab and click on cookies. There you can see if it's marked as secure.

Related questions

How do I expire a PHP session after 30 minutes?

I need to keep a session alive for 30 minutes and then destroy it.

Read More
What is the difference between Sessions and Cookies in PHP?

What is the distinction between Sessions and Cookies in PHP?

Read More
Cookies vs. sessions

I started using PHP a couple of months ago. For the sake of creating a login system for my website, I read about cookies and sessions and their differences (cookies are stored in the user's browser and sessions on the …

Read More