Thursday, November 10, 2011

Code Igniter - Setting Secure flag for Session

PHP 5 gives you the ability to set the secure flag with the setcookie function, but CodeIgniter doesn't.

http://php.net/manual/en/function.setcookie.php

See the 6th argument to setcookie.

It saves the session with encryption and uses md5, but security software still objects to your website because of the non-secure session.

I was searching for a while for a good way to do it, but didn't find one, so I came up with this hack.

In CI_HOME/system/libraries/Session.php

Basically, CI passes $secure = 0 as a hardcoded argument to the setcookie function.

I set this value to 1. One can write some more code to make it configurable through the CI config file.

With $secure=1, the session cookie won't be saved for domains accessed with http://urdomain.com

It only works with https://urdomain.com
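A sketch of the configurable version mentioned above, as an added example that is not CodeIgniter's own code or the code from this post: it takes the 6th setcookie argument from a config array and reports when a secure cookie is requested over plain http. The function names and the config keys (including `cookie_secure`) are assumptions modelled on a CI-style config file.

```php
<?php
// Added example: standalone PHP, not CodeIgniter's Session.php.

/** Return true when the request described by $server arrived over HTTPS. */
function request_is_https(array $server)
{
    // PHP sets $_SERVER['HTTPS'] to a non-empty value under TLS (IIS uses 'off' otherwise).
    if (!empty($server['HTTPS']) && strtolower($server['HTTPS']) !== 'off') {
        return true;
    }
    return isset($server['SERVER_PORT']) && (int) $server['SERVER_PORT'] === 443;
}

/** Build the setcookie() arguments with "secure" read from config, not hardcoded. */
function session_cookie_args(array $config, $value, $now)
{
    return array(
        $config['sess_cookie_name'],
        $value,
        $now + $config['sess_expiration'],
        $config['cookie_path'],
        $config['cookie_domain'],
        !empty($config['cookie_secure']),   // 6th argument: secure
    );
}

/** Send the session cookie, or say why it was withheld. */
function send_session_cookie(array $config, array $server, $value)
{
    $args = session_cookie_args($config, $value, time());
    if ($args[5] && !request_is_https($server)) {
        // A Secure cookie is never sent back over http://, so the session
        // would silently fail to persist. Report it instead.
        return 'skipped: secure cookie requested on a non-HTTPS request';
    }
    call_user_func_array('setcookie', $args);
    return 'sent';
}

// Constructed sample configuration and request data (hypothetical values).
$config = array(
    'sess_cookie_name' => 'ci_session',
    'sess_expiration'  => 7200,
    'cookie_path'      => '/',
    'cookie_domain'    => '',
    'cookie_secure'    => true,   // assumed config key for this example
);
$http  = send_session_cookie($config, array('HTTPS' => 'off', 'SERVER_PORT' => '80'), 'demo');
$https = send_session_cookie($config, array('HTTPS' => 'on', 'SERVER_PORT' => '443'), 'demo');
echo $http, "\n", $https, "\n";
```

Behind a TLS-terminating proxy the HTTPS check needs to reflect how that proxy signals the original scheme, which this sketch does not cover.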


Let me know if this is an issue or if there is a better way of doing this.


All the best.
