在PHP中的PHPSESSID cookie上设置httpOnly并确保其安全

问题描述：

在PHPSESSID cookie上设置httponly和安全标志的推荐方法是什么?

Whats the recommended way to set httponly and secure flags on the PHPSESSID cookie?

I found http://www.php.net/manual/en/session.configuration.php#ini.session.cookie-httponly. Any better suggestions?

谢谢

答

我认为最好的方法是:

In my opinion the best would be: http://www.php.net/manual/en/function.session-set-cookie-params.php

void session_set_cookie_params ( int $lifetime [, string $path [, string $domain [, bool $secure = false [, bool $httponly = false ]]]] )