Oct 13th, 2011
PHP hardening using session.cookie_httponly & session.referer_check
PHP hardening using session.cookie_httponly & session.referer_check
PHP hardening using session.cookie_httponly & session.referer_check
Setting this value to 1 prevents JavaScript from accessing PHP session cookies. This can help prevent attackers from stealing session cookies. However, you may be unable to use this directive if your users utilize PHP session cookies via JavaScript.
This parameter allows PHP to check HTTP referrer values. This allows you to specify a domain, ensuring that session information is only passed internally during the time a user is working with a web application. This will prevent your users from accidentally exposing session information that may allow malicious users to follow links and steal a session.