What does the “secure” parameter mean for the session_set_cookie_params() function? [duplicate]

Submitted by 瘦欲@ on 2020-01-11 11:09:15

Question


Possible Duplicate:
PHP session_set_cookie_params

I am using only HTTP (not HTTPS, SSL is not configured on my server).

Does "secure" mean that cookies will be transferred only via SSL? Or is it possible to use this parameter with HTTP too?


Answer 1:


It means the browser will only send the cookie when the current connection is encrypted (SSL/TLS). You only use it with an encrypted connection.

  • http://php.net/manual/en/session.configuration.php#ini.session.cookie-secure
  • http://us3.php.net/manual/en/function.setcookie.php#refsect1-function.setcookie-parameters

You can optionally set the HttpOnly flag as well to prevent client-side scripts from accessing the cookie, to help secure it further. So in your case set the 'secure' flag to FALSE and the HttpOnly flag to TRUE. That is as secure as your cookie setting will get, other than setting a path, which you most likely want as / anyway.
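
The settings the answer describes, as an added example that is not part of the original answer: the `secure` flag follows the actual connection type and `httponly` is always on. `is_https_request()` and `session_cookie_options()` are hypothetical helper names, the sample `$_SERVER` arrays are constructed, and the array form of `session_set_cookie_params()` assumes PHP 7.3 or later.

```php
<?php
// Added example (not from the original answer).

// Hypothetical helper: true when PHP reports the request arrived over TLS.
// $_SERVER['HTTPS'] is non-empty on HTTPS requests; IIS sets it to "off" on HTTP.
function is_https_request(array $server): bool
{
    return !empty($server['HTTPS']) && strtolower((string) $server['HTTPS']) !== 'off';
}

// Hypothetical helper: builds the options array for session_set_cookie_params().
function session_cookie_options(array $server): array
{
    return [
        'lifetime' => 0,      // session cookie, discarded when the browser closes
        'path'     => '/',
        // If 'secure' were true on a plain-HTTP site, the browser would never
        // send the cookie back and every request would start a new session.
        'secure'   => is_https_request($server),
        'httponly' => true,   // keep the session ID out of reach of document.cookie
    ];
}

if (PHP_SAPI === 'cli') {
    // Constructed sample inputs, so the result can be inspected offline.
    $samples = [
        'plain HTTP'  => ['SERVER_PORT' => '80'],
        'IIS on HTTP' => ['HTTPS' => 'off', 'SERVER_PORT' => '80'],
        'HTTPS'       => ['HTTPS' => 'on', 'SERVER_PORT' => '443'],
    ];
    foreach ($samples as $label => $server) {
        $opts = session_cookie_options($server);
        printf("%-12s secure=%s httponly=%s\n", $label,
            var_export($opts['secure'], true), var_export($opts['httponly'], true));
    }
} else {
    // In a web request: the parameters must be set before session_start().
    session_set_cookie_params(session_cookie_options($_SERVER));
    session_start();
}
```

Behind a TLS-terminating reverse proxy, `$_SERVER['HTTPS']` may be unset even though the client connection is encrypted, so the detection has to match how the server is actually deployed.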



Source: https://stackoverflow.com/questions/14015775/what-means-secure-parameter-for-session-set-cookie-params-function
