Magento Forums
Help
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 

Renaming PHPSESSIONID cookie to add __Host- cookie prefix

‎11-29-2021 03:30 AM
‎11-29-2021 03:30 AM

Renaming PHPSESSIONID cookie to add __Host- cookie prefix

Would it be safe with Magento 2.4.3-p1 to rename the phpsessid cookie to be more secure by adding the __Host- cookie prefix now supported in all modern browsers?

 

Although configuring a cookie prefix is not supported natively in M2 (should it be?) it can be easily accomplished in the php.ini by reconfiguring session name value.

 

session.name = __SECURE-PHPSESSID

 

https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Set-Cookie

 

 

0 Kudos
Reply
1 REPLY 1
‎12-15-2021 07:36 PM
‎12-15-2021 07:36 PM

Re: Renaming PHPSESSIONID cookie to add __Host- cookie prefix

I'm not familiar with Cookie Prefixes but PHP should support it out of the box:

<?php

session_name('__Secure-PHPSESSID');
session_start();

http://php.net/manual/en/function.session-name.php

If issue solved, Click Kudos & Accept as Solution.
LitCommerce - The Most Simple & Affordable Multi-channel Selling Tool
0 Kudos
Reply