Jump to content

trying to set session cookie parameters...


jimfog

Recommended Posts

I trying to set the session cookie parameters using the function session_set_cookie_parameters.Here is the code:

 

$sesarr=session_get_cookie_params();//I use this function here to grab the data and padd them below
session_set_cookie_params($sesarr["lifetime"],$sesarr["path"],$sesarr["domain"],TRUE,TRUE);
session_start();

Now....according to the manual if the secure option is set to true(as the case above) the cookie will only be sent if the connection is secure.

 

I do my testing to a local machine(localhost) and as such the connection is not secure.

Despite that the cookie is sent after all...I can see that from chrome dev tools.

 

Any idea why this might be happening?

 

Link to comment
Share on other sites

If you changed that stuff then make sure you delete cookies after you change anything so that you can get a new cookie. Maybe it's sending the old one.

After deleting the session cookie and refreshing the page the login screen appeared(something to be expected as the session was destroyed)...a logged in again

and a new cookie was sent...meaning that the code still has no effect.

 

I must add this:

When the user logins he/she is redirected to a page called appointments.php(it is the home page of a logged in user)...the code is found there.

It is not the page where the session is set originally....so I am wondering if the code must be placed in the page where the session is set original.

 

I just placed the code in appointments.php and did the testing there.

Link to comment
Share on other sites

You need to set the session cookie parameters any time you start a session. Ideally you would have an include file for things like this which need to happen on every page. I'd also use your developer tools to look at when the cookie gets set to verify that it's being set correctly. If all of that is true then I'd try to research whether or not browsers use a different security model for localhost.

Link to comment
Share on other sites

You need to set the session cookie parameters any time you start a session.

I agree...

Nonetheless...before setting the parameters in every site page I must be certain that the "thing" works.

So...in order to test it I just placed the code in one page and hit refresh.

Link to comment
Share on other sites

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!

Register a new account

Sign in

Already have an account? Sign in here.

Sign In Now
×
×
  • Create New...