RE: [PHP] Is session_start() using encrypted cookies with HTTPS

-Original Message- From: Adam Richardson [mailto:simples...@gmail.com] Sent: Sunday, November 07, 2010 2:22 PM To: PHP-General Subject: Re: [PHP] Is session_start() using encrypted cookies with HTTPS On Sun, Nov 7, 2010 at 2:39 PM, Yannick Warnier ywarn...@beeznest.orgwrote

Re: [PHP] Is session_start() using encrypted cookies with HTTPS

Couldn't Yannick also use $_SERVER['HTTPS'] and take action for the session and cookies accordingly? Regards, Tommy Not to my understanding. When a visitor makes a request, the browser must determine which cookies are appropriate for transmitting in the request. By the time PHP

Re: [PHP] Is session_start() using encrypted cookies with HTTPS

On 2010-11-08, at 9:58 AM, Adam Richardson simples...@gmail.com wrote: Couldn't Yannick also use $_SERVER['HTTPS'] and take action for the session and cookies accordingly? Regards, Tommy Not to my understanding. When a visitor makes a request, the browser must determine which

Re: [PHP] Is session_start() using encrypted cookies with HTTPS

On Sun, Nov 7, 2010 at 2:39 PM, Yannick Warnier ywarn...@beeznest.orgwrote: Hi all, It came to my attention through the Netcraft newsletter[1] that cookies in a web application are not always sent encrypted when a server is contacted through HTTPS. Not quite. Requests and responses over