PHP Security: HttpOnly Cookies

  • Added 5. 09. 2024

Comments • 20

  • @muhammadumarsotvoldiev8768 7 months ago

    Thank you very much!

  • @DavidAshby1 1 year ago

    Continuing on from this, how do you set the samesite attribute, strict, lax etc? Thanks

    • @DavidAshby1 1 year ago

      I think I have found the solution, everything appears to be correct
      setcookie('key2', 'value2', ['samesite' => 'Strict', 'secure' => true, 'httpOnly' => true]);
      With the above however I seem to be unable to put a lifespan on it as well as the path '/'
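
An added example, not part of any comment here and not code from the video: in the options-array form of setcookie() (PHP 7.3 and later), the lifespan and path asked about in the reply above go into the same array as `expires` and `path`, and deleting the cookie reuses the same attributes with an expiry in the past. The cookie name `session_token` and the helper function names are hypothetical.

```php
<?php
declare(strict_types=1);

// Added example. The cookie name and helper names are hypothetical.
const COOKIE_NAME = 'session_token';

/**
 * Attributes shared by the set and delete calls. A browser only replaces or
 * removes a stored cookie when name, path and domain match it.
 */
function cookie_attributes(int $expires): array
{
    return [
        'expires'  => $expires,  // absolute Unix timestamp, not a duration
        'path'     => '/',       // valid for the whole site
        'secure'   => true,      // only sent over HTTPS
        'httponly' => true,      // not exposed through document.cookie
        'samesite' => 'Strict',  // 'Strict', 'Lax' or 'None'
    ];
}

function set_hardened_cookie(string $value, int $lifetimeSeconds): bool
{
    return setcookie(COOKIE_NAME, $value, cookie_attributes(time() + $lifetimeSeconds));
}

function delete_hardened_cookie(): bool
{
    // Drop it from the current request too, then expire it in the browser.
    unset($_COOKIE[COOKIE_NAME]);
    return setcookie(COOKIE_NAME, '', cookie_attributes(time() - 3600));
}

// Cookies travel in response headers, so both calls must run before any
// output is sent.
if (isset($_GET['logout'])) {
    delete_hardened_cookie();
} else {
    set_hardened_cookie(bin2hex(random_bytes(16)), 3600); // one hour
}
```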

  • @WhiteSiroi 1 year ago

    thank you

  • @phillipscards 9 years ago +2

    Thank you for another informative vid!

  • @chidioguejiofor 4 years ago

    Please, I have a question. I am trying to do something like this but realise that the cookie is constantly removed when I refresh the page.
    I had set the expiry date to a point in the future but it is still removed

  • @ambarishyt 6 years ago

    I think you are protecting against a CSRF attack rather than XSS

  • @taospencer1403 5 years ago

    Have set HTTP to true, when I now write in the console document.cookie it has hidden the value I set for cookie, but it still has two entries which are: "_ga=GA1.2.1923171502.1558322790; _gid=GA1.2.189962841.1558322790" Do you know what these are?

  • @Actarsatan 8 years ago

    I'm having a big problem, I just can't unset or set to 1 hour ago the cookie, making it impossible to delete the cookie.
    I searched in the PHP manual but nothing helped.

  • @scwfan08 9 years ago +1

    You should change your video description. The links are still phpacademy.org

    • @firepants20 9 years ago +1

      +scwfan08 I'm sure he knows. It redirects to Codecourse anyways.

  • @RsRpHD 9 years ago

    I may sound stupid, but what is the point of doing this if you can see the cookie key and value in the developer tools?

    • @autowind 9 years ago +3

      +Rasmus Rosengren
      Hi :) copied directly from php.net/manual/en/function.setcookie.php
      httponly: When TRUE the cookie will be made accessible only through the HTTP protocol. This means that the cookie won't be accessible by scripting languages, such as JavaScript. It has been suggested that this setting can effectively help to reduce identity theft through XSS attacks (although it is not supported by all browsers), but that claim is often disputed. Added in PHP 5.2.0. TRUE or FALSE

    • @NoahNobody 9 years ago

      +Andrew Ng Thanks, I guess it's silly to have cookies not needed by JS to be readable by JS. I wonder how the mechanism to keep them private works though.

  • @lifeforce3451 5 years ago

    many thanks sir

  • @raymonddeloso62 9 years ago

    where is the generating pdf video? :)

  • @bFix 9 years ago

    Does this include https at least? If not then it's not safer!

    • @bFix 9 years ago

      ah ok so there is a second flag for that, good to know
      or will it always be sent over https and that flag only ensures then, that it will only be sent encrypted (over https)?

    • @bFix 9 years ago

      ok good to know, thx!