views:

49

answers:

2

Is there a way to check if the cookie is httponly in php?

+1  A: 

I don't think that's possible, because this information is not included in the raw headers sent by the browser. In fact, it doesn't make sense to send flags like these back to the server, because they are meaningless to the server and only wastes bandwidth.

NullUserException
+1  A: 

Well, yes. You'll find it in the array returned by session_get_cookie_params, as long as your PHP is 5.2.0 or newer.

djn