session.cookie_httponly
INI • INI default value changed in 8.5
Session: session.cookie_httponly — Whether or not to add the httpOnly flag to the cookie, which makes it inaccessible to browser scripting languages such as JavaScript.
| Default value | 0 |
| Development value | empty |
| Production value | empty |
Modifiability: INI_ALL - The session.cookie_httponly INI directive can be configured anywhere, including php.ini files, ini_set calls, Apache .htaccess files, per-directory .ini files, etc.
[Session]
session.cookie_httponly = 0Changes to the session.cookie_httponly INI
PHP 8.5
- INI directive default value changed from
` to0`
session.cookie_httponly INI Availability
session.cookie_httponly INI Availability| PHP Version | Availability |
|---|---|
| PHP 8.6Future Release | Yes |
| PHP 8.5Upcoming Release | Yes |
| PHP 8.4Supported (Latest) | Yes |
| PHP 8.3Supported | Yes |
| PHP 8.2Security-Fixes Only | Yes |
| PHP 8.1Security-Fixes Only | Yes |
| PHP 8.0Unsupported | Yes |
| PHP 7.4Unsupported | Yes |
| PHP 7.3Unsupported | Yes |
| PHP 7.2Unsupported | Yes |
| PHP 7.1Unsupported | Yes |
| PHP 7.0Unsupported | Yes |
| PHP 5.6Unsupported | Yes |
| PHP 5.5Unsupported | Yes |
| PHP 5.4Unsupported | Yes |
| PHP 5.3Unsupported | Yes |