什么是“安全"?session_set_cookie_params() 函数的参数? [英] What means "secure" parameter for session_set_cookie_params() function?

问题描述

可能的重复:
PHP session_set_cookie_params

我只使用 HTTP(不是 HTTPS，我的服务器上没有配置 SSL).

I am using only HTTP (not HTTPS, SSL is not configured on my server).

安全"是否意味着 cookie 将仅通过 SSL 传输?或者也可以将此参数与 HTTP 一起使用?

Does "secure" mean that cookies will be transfered only via SSL? Or it is possible to use this parameter with HTTP too?

推荐答案

这意味着浏览器只会在当前连接被加密 (SSL/TLS) 时发送 cookie.您只能通过加密连接使用它.

It means the browser will only send the cookie when the current connection is encrypted (SSL/TLS). You only use it with an encrypted connection.

• http://php.net/manual/en/session.configuration.php#ini.session.cookie-secure
• http://us3.php.net/manual/en/function.setcookie.php#refsect1-function.setcookie-parameters

您还可以选择设置 HttpOnly 标志，以防止客户端脚本访问 cookie，并进一步帮助保护它.因此，在您的情况下，将安全"标志设置为 FALSE，将 HttpOnly 标志设置为 TRUE.这与您的 cookie 设置一样安全，而不是设置您最有可能想要的路径.

You can optionally set the HttpOnly flags as well to prevent client-side scripts from accessing cookie as well to help secure it further. So in your case set the 'secure' flag to FALSE and the the HttpOnly flag to TRUE. That is as secure as your cookie setting will get other than setting a path which you are most likely wanting as / anyways.

这篇关于什么是“安全"?session_set_cookie_params() 函数的参数?的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！