How do you set up use HttpOnly cookies in PHP
Question
How can I set the cookies in my PHP apps as HttpOnly cookies?
Recommended answer
- For your cookies, see this answer.
- For PHP's own session cookie (PHPSESSID, by default), see @richie's answer
The setcookie() and setrawcookie() functions introduced the boolean httponly parameter, back in the dark ages of PHP 5.2.0, making this nice and easy. Simply set the 7th parameter to true, as per the syntax
Function syntax simplified for brevity
setcookie( $name, $value, $expire, $path, $domain, $secure, $httponly )
setrawcookie( $name, $value, $expire, $path, $domain, $secure, $httponly )
In PHP < 8, specify NULL for parameters you wish to remain as default.
In PHP >= 8 you can benefit from using named parameters. See this question about named params.
setcookie( $name, $value, httponly:true )
It is also possible using the older, lower-level header() function:
header( "Set-Cookie: name=value; HttpOnly" );
You may also want to consider if you should be setting the Secure parameter.
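An added example (not part of the original answer): a check that parses Set-Cookie header lines, such as those PHP's headers_list() returns during a web request, and reports which cookies lack the HttpOnly or Secure attribute. The function name auditSetCookieHeaders and the sample header values are constructed for illustration.

```php
<?php
declare(strict_types=1);

/**
 * Hypothetical helper (added example): inspect Set-Cookie header lines and
 * return [cookieName => [missing attributes]] for cookies that lack
 * HttpOnly and/or Secure. Cookies carrying both are not listed.
 */
function auditSetCookieHeaders(array $headers): array
{
    $findings = [];
    foreach ($headers as $line) {
        // Header names are case-insensitive; skip everything but Set-Cookie.
        if (stripos($line, 'Set-Cookie:') !== 0) {
            continue;
        }
        // "name=value; attr; attr=value" -> first part is the cookie pair.
        $parts = array_map('trim', explode(';', substr($line, strlen('Set-Cookie:'))));
        $name  = explode('=', array_shift($parts), 2)[0];

        // Attribute names are case-insensitive; drop any "=value" suffix.
        $attrs = array_map(
            fn(string $p): string => strtolower(explode('=', $p, 2)[0]),
            $parts
        );

        $missing = array_values(array_diff(['httponly', 'secure'], $attrs));
        if ($missing) {
            $findings[$name] = $missing;
        }
    }
    return $findings;
}

// Constructed sample headers. In a real request, call
// auditSetCookieHeaders(headers_list()) after setting cookies and before
// any output is sent.
$sample = [
    'Content-Type: text/html; charset=UTF-8',
    'Set-Cookie: name=value; HttpOnly',                        // header() form from the answer
    'Set-Cookie: PHPSESSID=abc123; path=/; secure; HttpOnly',  // both flags set
    'Set-Cookie: theme=dark; path=/',                          // neither flag set
];

print_r(auditSetCookieHeaders($sample));
```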