As we know Cookie is often used for identifying user data, when user opening a website, cookie stores information about the user in the browser, Each time the same system requests a page with in a same browser, it will send the cookie too.So when we are considering about the security it is a programmer duty to make it more secure when it exchanging between browser and server,nowadays it is easy to access other website cookie and get the flow of the website using that cookie information.So here am going explain you how to make a cookie secure and httponly in PHP .we have lot of method to accomplish this task,lets have a look on it.
Method 1
Make cookie secure using PHP.ini if you have the permission to access php.ini you can open and add below code at the end of php.ini to make your cookie secure and httponly session.cookie_httponly=On session.cookie_secure=On
Method 2
if you don't have the permission to access php.ini file,fortunately we have another method to accomplish this, which can be done by one of the most common function ini_set(); Make cookie secure using ini_set() function add below ini_set() functions in the top of your home page ini_set('session.cookie_httponly',1); ini_set('session.use_only_cookies',1); ini_set('session.cookie_secure', 1);
Method 3
if you don't have the permission to access php.ini file,fortunately we have another method to accomplish this,which can be done by one of the most common function header() in php Make cookie secure using header() function add below header() functions in the top of your home page header("Set-Cookie: key=value; path=/; domain=www.tutorialshore.com; HttpOnly; Secure; SameSite=Strict");
See how we can check a cookie is secure and httponly, we can do with the help of chrome browser as we know almost every browser have the inspect element option, within inspect element tab we have the application section to check cookie see below image.
Click F12 function button go for application => cookies