How to make a cookie secure and httponly in PHP?

As we know, cookies are often used to identify user data. When a user opens a website, a cookie stores information about the user in the browser, and each time the same system requests a page in the same browser, it sends the cookie too. So when we consider security, it is the programmer's duty to make the cookie more secure while it is exchanged between browser and server. Nowadays it is easy to access another website's cookie and learn the flow of the website from that cookie information. So here I am going to explain how to make a cookie secure and httponly in PHP. There are several methods to accomplish this task; let's have a look at them.

Method 1

Make cookie secure using php.ini

If you have permission to access php.ini, open it and add the lines below at the end of the file to make your cookie secure and httponly. These settings apply to the PHP session cookie.

session.cookie_httponly=On
session.cookie_secure=On

Method 2

If you don't have permission to access the php.ini file, fortunately there is another method to accomplish this, which uses one of the most common functions, ini_set().


Make cookie secure using ini_set() function

Add the ini_set() calls below at the top of your home page:

ini_set('session.cookie_httponly',1);
ini_set('session.use_only_cookies',1);
ini_set('session.cookie_secure', 1);

Method 3

If you don't have permission to access the php.ini file, there is yet another method to accomplish this, which uses one of the most common PHP functions, header().


Make cookie secure using header() function

Add the header() call below at the top of your home page:

header("Set-Cookie: key=value; path=/; domain=www.tutorialshore.com; HttpOnly; Secure; SameSite=Strict");

To check that a cookie is secure and httponly, we can use the Chrome browser. Almost every browser has an Inspect Element option, and within the inspect tools the Application section lists the cookies; see the image below.
Press F12 and go to Application => Cookies.

[Image: make a cookie secure and httponly in PHP]
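
The same check can be scripted. The following is an added example, not code from the original article: it audits Set-Cookie header lines for the Secure, HttpOnly and SameSite attributes. The helper name audit_set_cookie() and the sample header values are assumptions constructed for illustration.

```php
<?php
// Added example: report which cookies are missing Secure, HttpOnly or SameSite.
// audit_set_cookie() is a hypothetical helper name, not a PHP built-in.

function audit_set_cookie(array $headerLines): array
{
    $report = [];
    foreach ($headerLines as $line) {
        // Only look at Set-Cookie headers (header names are case-insensitive).
        if (stripos($line, 'Set-Cookie:') !== 0) {
            continue;
        }
        $parts = array_map('trim', explode(';', substr($line, strlen('Set-Cookie:'))));
        // The first part is name=value; everything after it is an attribute.
        $name = explode('=', array_shift($parts), 2)[0];

        $attrs = [];
        foreach ($parts as $part) {
            if ($part === '') {
                continue;
            }
            $kv = explode('=', $part, 2);
            // Attribute names are case-insensitive; flags have no value.
            $attrs[strtolower(trim($kv[0]))] = isset($kv[1]) ? trim($kv[1]) : true;
        }

        $missing = [];
        if (!isset($attrs['secure']))   { $missing[] = 'Secure'; }
        if (!isset($attrs['httponly'])) { $missing[] = 'HttpOnly'; }
        if (!isset($attrs['samesite'])) { $missing[] = 'SameSite'; }
        $report[$name] = $missing;
    }
    return $report;
}

// Constructed sample input. In a running page, pass headers_list() instead.
$sample = [
    'Content-Type: text/html; charset=UTF-8',
    'Set-Cookie: key=value; path=/; domain=www.tutorialshore.com; HttpOnly; Secure; SameSite=Strict',
    'set-cookie: PHPSESSID=constructed123; path=/',
    'Set-Cookie: theme=dark; Path=/; secure',
];

foreach (audit_set_cookie($sample) as $cookie => $missing) {
    echo $cookie . ': ' . ($missing ? 'missing ' . implode(', ', $missing) : 'OK') . PHP_EOL;
}
```

Run it from the command line with php, or call audit_set_cookie(headers_list()) at the end of a page after all cookies have been set.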
