Cookie security

**subzero** · 10.01.10, 18:24

Self allowed.

Only sent to owner !!

**Ponick** · 13.01.10, 13:07

Originally posted by ripkk2tfk View Post

What is the best way to prevent cookie's from being stolen?

In your .htaccess file, use the code below:

php_flag session.use_trans_sid off Lol

**Guest** · 16.01.10, 19:04

My server does not work this code php_flag session.use_trans_sid off

**subzero** · 16.01.10, 19:17

Use php.ini as your edit that into that

php.ini

Code:

[PHP]
; Move to sid off.
session.use_trans_sid off

But i never seen this code before session.use_trans_sid off

**ori** · 17.01.10, 05:53

ive heard ppl using it but ive never needed it ur best to make cookie ($_SESSION) store ip and browser and have each page check that they match or unset the cookie ($_SESSION) i no some ppl just use the cookie id as the session maybe store ses or sid in the cookie as a $_SESSION var then u can just unset($_SESSION['ses']);

**Ponick** · 17.01.10, 19:11

Step 1.
Also assuming your webserver is Apache, insert the following code into .htaccess to prevent session IDs from appearing

php_value session.use_only_cookies 1
php_value session.use_trans_sid 0

Step 2.

Consider the following code, on every page of your site...
$actualurl= 'http://'.$_SERVER['HTTP_HOST'].$_SERVER['REQUEST_URI'];
$correcturl = 'http://www.MYSITE.COM/';
if ($correcturl != $actualurl) {
header("HTTP/1.1 301 Moved Permanently");
header("Location: " . $correcturl);
exit();
}

**Guest** · 26.01.10, 12:04

Can I insert this code: php_value session.use_only_cookies 1
php_value session.use_trans_sid 0
in htaccess gives me server error 500

of which cause the server to appear this error if so what tre
'???

Cookie security

Cookie security

Comment

Comment

Comment

Comment

Comment

Comment

Comment