jimfog Posted February 2, 2017 Share Posted February 2, 2017 I trying to set the session cookie parameters using the function session_set_cookie_parameters.Here is the code: $sesarr=session_get_cookie_params();//I use this function here to grab the data and padd them below session_set_cookie_params($sesarr["lifetime"],$sesarr["path"],$sesarr["domain"],TRUE,TRUE); session_start(); Now....according to the manual if the secure option is set to true(as the case above) the cookie will only be sent if the connection is secure. I do my testing to a local machine(localhost) and as such the connection is not secure. Despite that the cookie is sent after all...I can see that from chrome dev tools. Any idea why this might be happening? Link to comment Share on other sites More sharing options...
justsomeguy Posted February 2, 2017 Share Posted February 2, 2017 If you changed that stuff then make sure you delete cookies after you change anything so that you can get a new cookie. Maybe it's sending the old one. Link to comment Share on other sites More sharing options...
jimfog Posted February 3, 2017 Author Share Posted February 3, 2017 If you changed that stuff then make sure you delete cookies after you change anything so that you can get a new cookie. Maybe it's sending the old one. After deleting the session cookie and refreshing the page the login screen appeared(something to be expected as the session was destroyed)...a logged in again and a new cookie was sent...meaning that the code still has no effect. I must add this: When the user logins he/she is redirected to a page called appointments.php(it is the home page of a logged in user)...the code is found there. It is not the page where the session is set originally....so I am wondering if the code must be placed in the page where the session is set original. I just placed the code in appointments.php and did the testing there. Link to comment Share on other sites More sharing options...
justsomeguy Posted February 3, 2017 Share Posted February 3, 2017 You need to set the session cookie parameters any time you start a session. Ideally you would have an include file for things like this which need to happen on every page. I'd also use your developer tools to look at when the cookie gets set to verify that it's being set correctly. If all of that is true then I'd try to research whether or not browsers use a different security model for localhost. Link to comment Share on other sites More sharing options...
jimfog Posted February 6, 2017 Author Share Posted February 6, 2017 You need to set the session cookie parameters any time you start a session. I agree... Nonetheless...before setting the parameters in every site page I must be certain that the "thing" works. So...in order to test it I just placed the code in one page and hit refresh. Link to comment Share on other sites More sharing options...
Recommended Posts
Create an account or sign in to comment
You need to be a member in order to leave a comment
Create an account
Sign up for a new account in our community. It's easy!
Register a new accountSign in
Already have an account? Sign in here.
Sign In Now