From the course: PHP: Creating Secure Websites
Unlock the full course today
Join today to access over 22,500 courses taught by industry experts or purchase this course individually.
Cookie configuration - PHP Tutorial
From the course: PHP: Creating Secure Websites
Cookie configuration
- [Instructor] In this movie, we'll learn how to configure cookies to make them more secure. We'll begin by learning how to configure cookies securely. Cookies are not very secure by default. When a cookie is set, the cookie data is stored in the user's browser, where it may be visible to the user. In many browsers, a user can simply go into the browser preferences to inspect their cookies. We also already discussed that cross-site scripting attacks can use JavaScript to access and steal cookie data. If a website is not using HTTPS exclusively, then cookie data is also visible in transit from the browser to the web server and vice versa. Because of this, it's a good practice to limit cookies to data that is not sensitive. It's fair to store information, like a user's language preference, but it would not be suitable for storing any kind of ID to give access to password protected areas. A few simple configurations can…
Practice while you learn with exercise files
Download the files the instructor uses to teach the course. Follow along and learn by watching, listening and practicing.