Zend Framework, Sessions, and HttpOnly Zend Framework, Sessions, and HttpOnly php php

Zend Framework, Sessions, and HttpOnly


php zend-framework session httponly

Try at bootstrap to do Zend_Session::setOptions(array('cookie_httponly' => true)); ( somewhere before the session is first initialized ) tough it should work with the app.ini file too .

php zend-framework session httponly

Add this to your application.ini file.

phpSettings.session.cookie_httponly = true

php zend-framework session httponly

For this to be 100% safe.

The server should not allow the option http trace.The http option trace reports the session id.If a attacker can inject a java applet, flash or javascript with ajax the attacker can also steal cookies even with the httponly flag set...

Recent Posts
How can I color dots in a xy scatterplot according to column value?
How to update a claim in ASP.NET Identity?
What does {0} mean when initializing an object?
Accessing members of items in a JSONArray with Java
How to log SQL statements in Spring Boot?
Powershell Get-WebSite name parameter is ignored
How to detect scroll to bottom of html element
Java synchronized method
How to test controllers with CodeIgniter?
Detect Visual Composer
Matplotlib: Specify format of floats for tick labels
Rails join a list of strings with commas and "and" before the last