Modifying HTTP headers

 
Post new topic   Reply to topic    Aprelium Forum Index -> General Questions
View previous topic :: View next topic  
Author Message
Lithorien
-


Joined: 20 Jun 2004
Posts: 38

PostPosted: Tue Jan 02, 2018 10:07 am    Post subject: Modifying HTTP headers Reply with quote

Hello.

I was curious - is it possible to modify HTTP headers, such as the Set-Cookie: header? I would like to ensure that any cookies sent from my domain have the "Secure" flag set (so they aren't sent over HTTP - just HTTPS) to avoid any downgrade attacks.

Thank you!



Edit: This question is in reference to the information found here: https://wiki.mozilla.org/Security/Guidelines/Web_Security#Cookies
Back to top View user's profile Send private message
pkSML
-


Joined: 29 May 2006
Posts: 882
Location: Michigan, USA

PostPosted: Thu Jan 04, 2018 12:20 am    Post subject: Reply with quote

The easiest solution is to force all your traffic over to HTTPS.

Other than that, you probably realize PHP's cookie parameters set the secure feature to false. You can override that in your php.ini.

Look for these lines:
Code:
; http://php.net/session.cookie-secure
;session.cookie_secure =

_________________
Stephen
Need a LitlURL?


http://CodeBin.yi.org
Back to top View user's profile Send private message Visit poster's website
Lithorien
-


Joined: 20 Jun 2004
Posts: 38

PostPosted: Sat Feb 10, 2018 7:20 pm    Post subject: Reply with quote

pkSML wrote:
The easiest solution is to force all your traffic over to HTTPS.

Other than that, you probably realize PHP's cookie parameters set the secure feature to false. You can override that in your php.ini.

Look for these lines:
Code:
; http://php.net/session.cookie-secure
;session.cookie_secure =


Thank you. I forced all traffic over HTTPS, honestly - it definitely was the easier solution. Just looking to make my site secure, not fort knox. :)

Thank you!
Back to top View user's profile Send private message
Display posts from previous:   
Post new topic   Reply to topic    Aprelium Forum Index -> General Questions All times are GMT + 1 Hour
Page 1 of 1

 
Jump to:  
You cannot post new topics in this forum
You cannot reply to topics in this forum
You cannot edit your posts in this forum
You cannot delete your posts in this forum
You cannot vote in polls in this forum


Powered by phpBB phpBB Group