0

How does session_set_cookie_params work? I want to ensure all cookies are set with httponly=true, and secure=true. But instead of adding these arguments to every call to setcookie(), I can just - before session_start() - set them in session_set_cookie_params()? And henceforth, every call to setcookie sets those params i each and every cookie? That would save a lot of tedious work (and surely error-prone). I would imagine something like this

$cookieParams = session_get_cookie_params(); $cookieParams['httponly'] = true; $cookieParams['secure'] = true; session_set_cookie_params($cookieParams); session_start();

So now, if I do:

 setcookie("ABC_user", "", time()+3600);

That cookie has those params in argument 6 and 7 set? Is there a way to check that it works? Or is there an even better way to accomplish this?

Improve this question
3
  • session_set_cookie_params only influences the session id cookie, that gets set by session_start (or any other actually session-related functions, that might regenerate the session id cookie.) The general setcookie function has nothing whatsoever to do with that in the first place. Commented Feb 3, 2021 at 10:02
  • If you want your normal cookies set with specific extra parameters, without having to write them out every time - then you probably best create your own wrapper function, that calls setcookie with those explicitly specified values. Commented Feb 3, 2021 at 10:04
  • Thank you very much for that info. I had a suspicion that my vision was too good to be true... :-D Commented Feb 3, 2021 at 10:14

1 Answer 1

Reset to default
1

This simple code will give you what you want.

function set_cookie($name,$content,$time){ $http_only = true; $secure = true; $path = "/"; $domain = ".example.com"; // Include All Subdomains setcookie($name,$content,$time,$path,$domain,$secure,$http_only); } set_cookie("ABC_user", "", time() + 3600);
Improve this answer
Sign up to request clarification or add additional context in comments.

1 Comment

WhereIsBurak: Something like that, yes. I prefer to keep the default argument values exactly as-is, from the php documentation. But it saves my day. Thank you. I'll set this as the accepted answer.

Start asking to get answers

Find the answer to your question by asking.

Ask question

Explore related questions

See similar questions with these tags.