JasonDavis JasonDavis - 3 months ago 8
PHP Question

Do PHP sessions set any cookies?

I only manually set one cookie on my social network site, but I rely heavily on php sessions. I am wondering if sessions set any cookies behind the scenes?

I was just reading up on HttpOnly-cookies and I am just trying to figure out if I can use them.

Answer

PHP sessions can use cookies depending on how you configure them. Have a look at these settings:

  • session.use_cookies (boolean): specifies whether the module will use cookies to store the session id on the client side. Defaults to 1 (enabled).
  • session.use_only_cookies (boolean): specifies whether the module will only use cookies to store the session id on the client side. Enabling this setting prevents attacks involved passing session ids in URLs. This setting was added in PHP 4.3.0. Defaults to 1 (enabled) since PHP 5.3.0.

If you disable session cookies, a GET parameter is used instead.

Comments