Ensure cookies have the secure flag set

이 페이지는 아직 한국어로 제공되지 않으며 번역 작업 중입니다. 번역에 관한 질문이나 의견이 있으시면 언제든지 저희에게 연락해 주십시오.

Metadata

ID: php-security/cookie-secure-flag

Language: PHP

Severity: Error

Category: Security

CWE: 614

Description

The secure flag is a part of the setcookie function in PHP that dictates that the cookie should only be sent to the server with an encrypted request over the HTTPS protocol.

Using this flag helps protect sensitive cookie data from being exposed over insecure connections, reducing the risk of data theft or tampering. Cookies often contain sensitive information, and transmitting them securely is a fundamental part of web application security.

To ensure compliance with this rule, always set the secure flag to true when using the setcookie or session_set_cookie_params functions in PHP. For example, setcookie($name, $value, $expire, $path, $domain, true); or session_set_cookie_params($lifetime, $path, $domain, true);. By doing this, you can significantly enhance the security of your PHP applications.

Non-Compliant Code Examples

<?php
$value = "cookie data";
setcookie($name, $value, $expire, $path, $domain, false);
session_set_cookie_params($lifetime, $path, $domain, false);

Compliant Code Examples

<?php
$value = "cookie data";
setcookie($name, $value, $expire, $path, $domain, true);
session_set_cookie_params($lifetime, $path, $domain, true);
https://static.datadoghq.com/static/images/logos/github_avatar.svg https://static.datadoghq.com/static/images/logos/vscode_avatar.svg jetbrains

Seamless integrations. Try Datadog Code Analysis