Switching to session.cookie_secure will disconnect my users?

Question

Switching to session.cookie_secure will disconnect my users?

I am running an https website and would like to include them in php.ini for added security:

session.cookie_httponly = 1
session.cookie_secure = 1

I could find a lot of information about this on the Internet, but not about saving the old session id when it was turned on.

Perhaps this will lead to an automatic logout result, because php now expects secure cookies, but registered users do not have these ... right after the switch?

+4

security php session cookies

Tieme Sep 11 '15 at 14:01

source share

2 answers

, , .

0

Josip Ivic 11 . '15 14:17

Scott Arciszewski · Answer 1 · 2017-12-28T18:44:14+0000

Anecdotally, I turned it on for hundreds of websites in my career that used HTTPS and never made it crash everyone.

.ini- cookie , secure , HTTP-. .

session_start() C, php_session_start(), ( ) $_COOKIE.

cookie SAPI, "if secure , ".

- SAPI, , , cookie HTTP, HTTPS, , ( HTTPS ).

:

, , HTTPS ( )
, , .

Switching to session.cookie_secure will disconnect my users?

More articles: