how to set secure flag on cookies in laravel 5.4

You need to override the default setting using session_set_cookie_params, set the $secure flag to true,

void session_set_cookie_params ( int $lifetime [, string $path [, string $domain [, bool $secure = false [, bool $httponly = false ]]]] )

more info at php.net

In laravel you need to alter the config/session.php configuration,set the secure flag to true

/*
|--------------------------------------------------------------------------
| HTTPS Only Cookies
|--------------------------------------------------------------------------
|
| By setting this option to true, session cookies will only be sent back
| to the server if the browser has a HTTPS connection. This will keep
| the cookie from being sent to you if it can not be done securely.
|
*/

'secure' => true,

In newer versions of laravel you can simply set the SESSION_SECURE_COOKIE=true in the .env file

You can set the value of secure true in your config/session.php file as illustrated below;

'secure' => env( 'SESSION_SECURE_COOKIE', true ),

how to set secure flag on cookies in laravel 5.4

Tags:

Php

Security

Cookies

Laravel 5

Related

Recent Posts