Q . How to make PHP session in httponly,secure and change session name ?

Misbahul Haque. asked, Oct 29 ' 2016
session_start();

It starts the session with name PHPSESSID and without httponly.

Suggest me how to change session name and make it more secure ?

  • PHP
  • session

1 Answers

You can make it more secure by setting all the session cookie params.

Get all the params by below function.

$currentCookieParams = session_get_cookie_params()
print_r($currentCookieParams);

Now Set all the params by using below function and start the session.

session_set_cookie_params(
        0,      //session cookie time -- 0 is for session time
        '/',    //session path from where it can access
        '',     //host blank will set the host of your site
        false,  //works only in ssl
        true    //set true for httponly means it will access only from server side.
);

//change session cookie name
session_name('aaaa');

@session_start();

 

Leave a Ansewer