Re: [PHP] Is session_start() using encrypted cookies with HTTPS

2010-11-09 Thread Bastien Koert
On Tue, Nov 9, 2010 at 2:10 PM, Adam Richardson wrote:
>> If the cookie needs to be encrypted, why not just encrypt it and worry less
>> about the transport layer? Or just down one hash value id cookie and pull
>> back the secure data for action just on the server?
>>
>> Bastien
>
> The issue

Re: [PHP] Is session_start() using encrypted cookies with HTTPS

2010-11-09 Thread Adam Richardson
> If the cookie needs to be encrypted, why not just encrypt it and worry less
> about the transport layer? Or just down one hash value id cookie and pull
> back the secure data for action just on the server?
>
> Bastien

The issue highlighted in Yannick's question wouldn't be resolved by merely

Re: [PHP] Is session_start() using encrypted cookies with HTTPS

2010-11-08 Thread Bastien
On 2010-11-08, at 9:58 AM, Adam Richardson wrote:
>> Couldn't Yannick also use $_SERVER['HTTPS'] and take action for the session
>> and cookies accordingly?
>>
>> Regards,
>> Tommy
>
> Not to my understanding.
>
> When a visitor makes a request, the browser must determine which co

Re: [PHP] Is session_start() using encrypted cookies with HTTPS

2010-11-08 Thread Adam Richardson
> Couldn't Yannick also use $_SERVER['HTTPS'] and take action for the session
> and cookies accordingly?
>
> Regards,
> Tommy

Not to my understanding.

When a visitor makes a request, the browser must determine which cookies are appropriate for transmitting in the request. By the time PHP p

RE: [PHP] Is session_start() using encrypted cookies with HTTPS

2010-11-08 Thread Tommy Pham
> -Original Message-
> From: Adam Richardson [mailto:simples...@gmail.com]
> Sent: Sunday, November 07, 2010 2:22 PM
> To: PHP-General
> Subject: Re: [PHP] Is session_start() using encrypted cookies with HTTPS
>
> On Sun, Nov 7, 2010 at 2:39 PM, Yannick Warnier &

Re: [PHP] Is session_start() using encrypted cookies with HTTPS

2010-11-07 Thread Adam Richardson
On Sun, Nov 7, 2010 at 2:39 PM, Yannick Warnier wrote:
> Hi all,
>
> It came to my attention through the Netcraft newsletter[1] that cookies
> in a web application are not always sent encrypted when a server is
> contacted through HTTPS.

Not quite. Requests and responses over HTTPS are encrypt

[PHP] Is session_start() using encrypted cookies with HTTPS

2010-11-07 Thread Yannick Warnier
Hi all, It came to my attention through the Netcraft newsletter[1] that cookies in a web application are not always sent encrypted when a server is contacted through HTTPS. Looking at the setcookie()[2] documentation, there is effectively a specific parameter (set to false by default). The descri