Thursday, November 10, 2011

Code Igniter - Setting Secure flag for Session

PHP 5 lets you set the secure flag with the setcookie() function, but CodeIgniter doesn't.

See the 6th argument to setcookie().

CodeIgniter saves the session with encryption and MD5, but security software still objects to your website because of the non-secure session.

I was searching for a while for a good way to do it, but didn't find one, so I came up with this hack.

In CI_HOME/system/libraries/Session.php

Basically, CI passes $secure = 0 as a hardcoded argument to the setcookie() function.

I set this value to 1. One can write some more code to make it configurable through the CI config file.

With $secure=1, the session cookie won't be saved for domains accessed with

It only works with
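One way to make the flag configurable instead of hardcoding 1, shown as an added example that is not code from this post or from CodeIgniter. The `cookie_secure` config key and both function names are assumptions made for this sketch; `cookie_path` and `cookie_domain` are the usual CI cookie settings.

```php
<?php
// Added example, not CodeIgniter's own code. The 'cookie_secure' key and the
// function names request_is_https() / session_cookie_args() are assumptions.

/** True when the request arrived over TLS, judged from the $_SERVER array. */
function request_is_https(array $server)
{
    return isset($server['HTTPS'])
        && $server['HTTPS'] !== ''
        && strtolower($server['HTTPS']) !== 'off';
}

/**
 * Build the argument list for setcookie().
 * Index 5 is the 6th argument, $secure, which Session.php hardcodes to 0.
 */
function session_cookie_args(array $config, array $server, $name, $value, $expire)
{
    $secure = !empty($config['cookie_secure']);

    if ($secure && !request_is_https($server)) {
        // A Secure cookie is never sent back over plain HTTP, so the session
        // would silently fail to persist. Log it instead of hiding it.
        error_log('cookie_secure is on but this request is not HTTPS; the session will not persist');
    }

    return array(
        $name,
        $value,
        $expire,
        isset($config['cookie_path']) ? $config['cookie_path'] : '/',
        isset($config['cookie_domain']) ? $config['cookie_domain'] : '',
        $secure,
    );
}

// Constructed sample inputs, standing in for the CI config file and $_SERVER.
$config = array('cookie_secure' => TRUE, 'cookie_path' => '/', 'cookie_domain' => '');
$server = array('HTTPS' => 'on');

$args = session_cookie_args($config, $server, 'ci_session', 'constructed-value', time() + 7200);

if (PHP_SAPI !== 'cli') {
    call_user_func_array('setcookie', $args);  // real request: send the cookie
} else {
    var_dump($args[5]);                        // command line: show the computed flag
}
```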

Let me know if this is an issue or if there is a better way of doing this.

All the best.
