session_set_cookie_params 似乎有效,但 cookie 不受影响 [英] session_set_cookie_params seems to work but cookies are not affected
问题描述
我正在使用 HTTPS,我想为 PHPSESSID
和我创建的其他 cookies
设置安全属性.
I'm using HTTPS and I would like to set the secure attribute for the PHPSESSID
and the other cookies
I have created.
session_set_cookie_params(0,'/','', isset($_SERVER["HTTPS"]));
session_start();
$data = session_get_cookie_params();
foreach ($data as $key=>$value) {
echo $key.$value;
}
该函数似乎可以工作,实际上,打印出session_get_cookie_params()
安全属性等于1.
但是,当我通过 Firefox
或 Firebug+Firecookie
检查我的 cookie 状态时,它们似乎完全不受该语句的影响.即使更改域属性也会产生相同的结果.
The function seems to work, in fact, printing out session_get_cookie_params()
the secure attribute is equal to 1.
But, when I check my cookie state by Firefox
or by Firebug+Firecookie
they appear to be not affected at all by the statement. Even changing the domain attribute gives the same results.
我正在 XAMPP、Ubuntu 和本地主机上工作(本地主机应该对安全问题进行特殊处理,也许).感谢您的帮助!
I'm working on XAMPP, on Ubuntu and on localhost (localhost should have a special treatment for security issues, maybe). Thanks for your help!
推荐答案
在使用 session_set_cookie_params
时尝试使用 session name
.
Try using a session name
when using session_set_cookie_params
.
参考:
PHP session_set_cookie_params
PHP session_name
这篇关于session_set_cookie_params 似乎有效,但 cookie 不受影响的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!