session_set_cookie_params 似乎有效，但 cookie 不受影响 [英] session_set_cookie_params seems to work but cookies are not affected

问题描述

我正在使用 HTTPS，我想为 PHPSESSID 和我创建的其他 cookies 设置安全属性.

I'm using HTTPS and I would like to set the secure attribute for the PHPSESSID and the other cookies I have created.

session_set_cookie_params(0,'/','', isset($_SERVER["HTTPS"]));
session_start();
$data = session_get_cookie_params();
foreach ($data as $key=>$value) {
    echo $key.$value;
}

该函数似乎可以工作，实际上，打印出session_get_cookie_params() 安全属性等于1.
但是，当我通过 Firefox 或 Firebug+Firecookie 检查我的 cookie 状态时，它们似乎完全不受该语句的影响.即使更改域属性也会产生相同的结果.

The function seems to work, in fact, printing out session_get_cookie_params() the secure attribute is equal to 1.
But, when I check my cookie state by Firefox or by Firebug+Firecookie they appear to be not affected at all by the statement. Even changing the domain attribute gives the same results.

我正在 XAMPP、Ubuntu 和本地主机上工作(本地主机应该对安全问题进行特殊处理，也许).感谢您的帮助！

I'm working on XAMPP, on Ubuntu and on localhost (localhost should have a special treatment for security issues, maybe). Thanks for your help!

推荐答案

在使用 session_set_cookie_params 时尝试使用 session name.

Try using a session name when using session_set_cookie_params.

参考:
PHP session_set_cookie_params
PHP session_name

这篇关于session_set_cookie_params 似乎有效，但 cookie 不受影响的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！