Marks the cookie as accessible only through the HTTP protocol. This means that the cookie won't be accessible by scripting languages, such as JavaScript. This setting can effectively help to reduce identity theft through XSS attacks (although it is not supported by all browsers).
Edite o arquivo de configuração do php:
Edite o arquivo de configuração do php:
Adicione a linha, dentro da seção [Session]:
session.cookie_httponly = True
Salve o arquivo e reinicie o apache.
Salve o arquivo e reinicie o apache.
0 comentários:
Postar um comentário