Andrew,
Wow, copied and pasted in the wrong link ...no wonder it made no sense -
WHOOPS!!
The correct link is:
http://blog.mattmecham.com/2006/09/12/http-only-cookies-without-php-52/comment-page-1/#comment-14609
Below are the methods I WAS working with (similar to your recommendation last
week - thank you) and expanded with the blog post above recommendations.
@setcookie( $name, $value, $expires, $path, $domain . '; HttpOnly' ); sets http
flag but not secure (not included)
@setcookie( $name, $value, $expires, $path, $domain, TRUE ); // sets secure but
not http (not included)
@setcookie( $name, $value, $expires, $path, $domain, TRUE . '; HttpOnly' ); //
sets secure but not http (included)
What I've landed on in case this helps anyone else is the following:
@setcookie( $name, $value, $expires, $path, $domain . 'secure; HttpOnly' ); //
this sets both http flag and secure
What made it work was using the word secure rather than a Boolean value and
putting it within the quotes along with HttpOnly.
Thanks!
Jen
-Original Message-
From: Andrew Ballard [mailto:aball...@gmail.com]
Sent: Tuesday, August 16, 2011 1:06 PM
To: j...@cetaceasound.com
Cc: php-general@lists.php.net
Subject: Re: [PHP] Secure vs httpOnly cookie flag: is one better?
I don't see the relevance of the address you cited above, but if you
are referring to the workaround that I showed you last week --
http://marc.info/?l=php-generalm=131281548332245w=2
-- you can easily extend the technique to set both flags.
header('Set-Cookie: cookie_name=value; secure; HttpOnly');
Andrew
--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php