Is there a way to check if a cookie is httponly in PHP

About

Asked 23/9, 2010 at 15:16 Answered 23/9, 2010 at 20:39

Is there a way to check if the cookie is httponly in php?

Intellectuality answered 23/9, 2010 at 15:16 Comment(1)

For cookies that are about to be set, you can query session_get_cookie_params(). For cookies that are being set in the current request, you can use ResponseHeader::get('Cookie') and Cookie::parse($cookieHeader). And, finally, for all cookies that have already been set, you're out of luck. – Mons 21/9, 2016 at 2:49

Well, yes. You'll find it in the array returned by session_get_cookie_params, as long as your PHP is 5.2.0 or newer.

Dewar answered 23/9, 2010 at 20:39 Comment(2)

The OP is reffering to any cookie and your answer seems to be only about session cookie. – Eurystheus 24/5, 2016 at 13:54

NO! session_get_cookie_params() just gets global values from php.ini, not for specific cookie. – Affusion 17/2, 2018 at 8:59

I don't think that's possible, because this information is not included in the raw headers sent by the browser. In fact, it doesn't make sense to send flags like these back to the server, because they are meaningless to the server and only wastes bandwidth.

Arbil answered 23/9, 2010 at 15:30 Comment(0)

Well, yes. You'll find it in the array returned by session_get_cookie_params, as long as your PHP is 5.2.0 or newer.

Dewar answered 23/9, 2010 at 20:39 Comment(2)

The OP is reffering to any cookie and your answer seems to be only about session cookie. – Eurystheus 24/5, 2016 at 13:54

NO! session_get_cookie_params() just gets global values from php.ini, not for specific cookie. – Affusion 17/2, 2018 at 8:59

Hot tags

Godot Unity Godot Help Programming Godot 4.X GUI GDScript 3D 2D Physics CSharp Godot 3.X VR XR Projects C++

Recommended topics

Hot tags