cancel
Showing results for 
Search instead for 
Did you mean: 

Renaming PHPSESSIONID cookie to add __Host- cookie prefix

Renaming PHPSESSIONID cookie to add __Host- cookie prefix

Would it be safe with Magento 2.4.3-p1 to rename the phpsessid cookie to be more secure by adding the __Host- cookie prefix now supported in all modern browsers?

 

Although configuring a cookie prefix is not supported natively in M2 (should it be?) it can be easily accomplished in the php.ini by reconfiguring session name value.

 

session.name = __SECURE-PHPSESSID

 

https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Set-Cookie

 

 

1 REPLY 1

Re: Renaming PHPSESSIONID cookie to add __Host- cookie prefix

I'm not familiar with Cookie Prefixes but PHP should support it out of the box:

<?php

session_name('__Secure-PHPSESSID');
session_start();

http://php.net/manual/en/function.session-name.php

If issue solved, Click Kudos & Accept as Solution.
LitCommerce - The Most Simple & Affordable Multi-channel Selling Tool