你如何在 PHP 中设置使用 HttpOnly cookie [英] How do you set up use HttpOnly cookies in PHP

问题描述

如何将 PHP 应用程序 中的 cookie 设置为 HttpOnly cookies?

How can I set the cookies in my PHP apps as HttpOnly cookies?

推荐答案

• 对于您的 cookie，请参阅此答案.
• 对于 PHP 自己的会话 cookie(PHPSESSID，默认情况下)，请参阅 @richie 的回答
• For your cookies, see this answer.
• For PHP's own session cookie (PHPSESSID, by default), see @richie's answer

setcookie() 和 <一个 href="http://php.net/manual/en/function.setrawcookie.php" rel="nofollow noreferrer">setrawcookie() 函数，引入了布尔值 httponly 参数，回到 PHP 5.2.0 的黑暗时代，使这变得简单易行.只需按照语法将第 7 个参数设置为 true

The setcookie() and setrawcookie() functions, introduced the boolean httponly parameter, back in the dark ages of PHP 5.2.0, making this nice and easy. Simply set the 7th parameter to true, as per the syntax

为简洁起见简化了函数语法

setcookie(    $name, $value, $expire, $path, $domain, $secure, $httponly )
setrawcookie( $name, $value, $expire, $path, $domain, $secure, $httponly )

在 PHP <8、为希望保持默认的参数指定NULL.

In PHP < 8, specify NULL for parameters you wish to remain as default.

在 PHP >= 8 中，您可以从使用命名参数中受益.请参阅有关命名参数的问题.

In PHP >= 8 you can benefit from using named parameters. See this question about named params.

setcookie( $name, $value, httponly:true )

也可以使用旧的、较低级别的 header() 函数:

It is also possible using the older, lower-level header() function:

header( "Set-Cookie: name=value; HttpOnly" );

您可能还需要考虑是否应该设置 Secure 参数.

You may also want to consider if you should be setting the Secure parameter.

这篇关于你如何在 PHP 中设置使用 HttpOnly cookie的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！