Lithorien -
Joined: 20 Jun 2004 Posts: 40
Posted: Tue Jan 02, 2018 10:07 am Post subject: Modifying HTTP headers
Hello.
I was curious - is it possible to modify HTTP headers, such as the Set-Cookie: header? I would like to ensure that any cookies sent from my domain have the "Secure" flag set (so they aren't sent over HTTP - just HTTPS) to avoid any downgrade attacks.
Thank you!
Edit: This question is in reference to the information found here: https://wiki.mozilla.org/Security/Guidelines/Web_Security#Cookies
pkSML -
Joined: 29 May 2006 Posts: 952 Location: Michigan, USA
Posted: Thu Jan 04, 2018 12:20 am Post subject:
The easiest solution is to force all your traffic over to HTTPS.
Other than that, you probably realize PHP's cookie parameters set the secure feature to false. You can override that in your php.ini.
Look for these lines:
Code:
; http://php.net/session.cookie-secure
;session.cookie_secure =
_________________ Stephen
Need a LitlURL?
http://CodeBin.yi.org |
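An added example, not from the thread or from PHP's documentation: a small Python check that reads response headers and lists the cookies sent without the Secure attribute. session.cookie_secure covers only PHP's session cookie, so cookies the application sets itself need checking too; the header text in SAMPLE is constructed and the function names are this example's own.

```python
# Added example: audit Set-Cookie headers for the Secure attribute.

def parse_set_cookie(header_value):
    """Split one Set-Cookie value into (name, value, attrs).

    attrs maps lower-cased attribute names to their values ("" for flags).
    """
    parts = [p.strip() for p in header_value.split(";")]
    name, _, value = parts[0].partition("=")
    attrs = {}
    for part in parts[1:]:
        if not part:
            continue
        key, _, val = part.partition("=")
        attrs[key.strip().lower()] = val.strip()
    return name.strip(), value, attrs


def cookies_missing_secure(raw_headers):
    """Return names of cookies whose Set-Cookie line lacks Secure."""
    missing = []
    for line in raw_headers.splitlines():
        field, sep, value = line.partition(":")
        # Header names are case-insensitive; skip the status line and others.
        if not sep or field.strip().lower() != "set-cookie":
            continue
        name, _, attrs = parse_set_cookie(value)
        # Only a real attribute counts, not a cookie whose value is "secure".
        if "secure" not in attrs:
            missing.append(name)
    return missing


# Constructed sample response headers (not captured from any real site).
SAMPLE = """\
HTTP/1.1 200 OK
Content-Type: text/html
Set-Cookie: PHPSESSID=abc123; path=/; secure; HttpOnly
Set-Cookie: theme=secure; path=/
set-cookie: lang=en; Path=/; Secure
Set-Cookie: cart=42; Expires=Wed, 21 Oct 2026 07:28:00 GMT; HttpOnly
"""

if __name__ == "__main__":
    for name in cookies_missing_secure(SAMPLE):
        print(f"cookie without Secure: {name}")
```
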
Lithorien -
Joined: 20 Jun 2004 Posts: 40
Posted: Sat Feb 10, 2018 7:20 pm Post subject:
pkSML wrote:
The easiest solution is to force all your traffic over to HTTPS.
Other than that, you probably realize PHP's cookie parameters set the secure feature to false. You can override that in your php.ini.
Look for these lines:
Code:
; http://php.net/session.cookie-secure
;session.cookie_secure =

Thank you. I forced all traffic over HTTPS, honestly - it definitely was the easier solution. Just looking to make my site secure, not Fort Knox. :)
Thank you!