Welcome to our Secure Development Tips blog

Every other week, we provide expert tech tips on how to build and deploy secure applications. These best practices, derived from Security Innovation’s assessments of the world’s most dominant software applications, are taken directly from our TeamMentor product, which includes more than 3,500 guidance assets and articles on secure software design, coding and testing.

Secure Development Tips

a blog with tips relating to secure application development, from Security Innovation's eknowledge database, TeamMentor


Set Strict Domain and Path Values on Session Cookies in PHP


What to Do

Set strict domain and path values on session cookies.


Setting strict domain and path values on session cookies makes it harder for attackers to hijack user sessions.


To set strict domain and path values on session cookies:

  1. Define a strict cookie path. Use the application path as the cookie path.
  2. Define a strict cookie domain. If the application uses a subdomain, use it as the cookie domain value.
  3. Set the path and domain values. Edit the php.ini file. Set "session.cookie_path" to the strict cookie path. Set "session.cookie_domain" to the strict cookie domain.
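
The following check is an added example, not part of the original tip or of TeamMentor. It audits the session cookie path and domain that PHP will actually use against the strict values from the steps above. The deployment at `https://app.example.com/shop/`, the constants and the function name `audit_session_cookie` are assumptions made for illustration.

```php
<?php
// Added example, not from the original article.
// Assumed deployment (hypothetical): https://app.example.com/shop/
//
// php.ini values from step 3 for that deployment:
//   session.cookie_path   = /shop/
//   session.cookie_domain = app.example.com

const EXPECTED_PATH   = '/shop/';          // assumption: application path
const EXPECTED_DOMAIN = 'app.example.com'; // assumption: application subdomain

/**
 * Compare session cookie parameters with the strict values.
 * Returns a list of findings; an empty list means the values are strict.
 */
function audit_session_cookie(array $params, string $path, string $domain): array
{
    $findings  = [];
    $cfgPath   = (string) $params['path'];
    // Ignore a leading dot and letter case when comparing domains.
    $cfgDomain = strtolower(ltrim((string) $params['domain'], '.'));
    $domain    = strtolower($domain);

    if ($cfgPath !== $path) {
        $findings[] = "cookie path is \"$cfgPath\", expected \"$path\"";
    }
    if ($cfgDomain !== $domain) {
        $findings[] = "cookie domain is \"$cfgDomain\", expected \"$domain\"";
    }
    // A parent domain (example.com for app.example.com) also sends the
    // session cookie to sibling subdomains.
    $suffix = '.' . $cfgDomain;
    if ($cfgDomain !== '' && substr($domain, -strlen($suffix)) === $suffix) {
        $findings[] = "cookie domain \"$cfgDomain\" covers sibling subdomains of \"$domain\"";
    }
    return $findings;
}

// 1) Effective configuration of this PHP runtime (values loaded from php.ini).
$live = audit_session_cookie(session_get_cookie_params(), EXPECTED_PATH, EXPECTED_DOMAIN);
foreach ($live as $finding) {
    echo "[live] $finding\n";
}

// 2) Constructed sample: an overly broad configuration.
$sample = ['path' => '/', 'domain' => '.example.com'];
foreach (audit_session_cookie($sample, EXPECTED_PATH, EXPECTED_DOMAIN) as $finding) {
    echo "[sample] $finding\n";
}
```

Run the check under the same SAPI as the application (for example through the web server), because the command-line PHP binary can load a different php.ini file.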

