Secure Cookie in PHP and Use case

It specifies whether cookies should only be sent over secure connections.
it means cookie will be sent on HTTPS protocol, not on HTTP.
you can set in PHP by using

session.cookie_secure = On; in php.ini

or by setting   session_set_cookie_params () function while setting cookie,

or ini_set() but before session_start() is called in your application.


Use case:-
If you are running your site on both protocol, HTTP, and HTTPS and let’s say,  you set login cookie as https only.

if somehow , the user is migrating from HTTPS to HTTP, the user would not be login anymore, as session id will not be available for that user and SESSION array in PHP will be empty because session id will be transmitted over https.

Leave a Reply

Your email address will not be published. Required fields are marked *