Hi Guys,
I'm writing a customer portal that uses the built-in PHP session management. I have read that using insecure cookies can lead to a security risk. Unfortunately the book doesn't extend this by saying what kind of a risk!! I have been googling for this but cannot find an answer - can anybody advise me or point me to a reference?
I know you can send a secure cookie using the PHP cookies method but I am using session_start() so it's automated. Is there any way to specify a secure cookie for this or is it automatic if it's over a secure connection? [Note: I cannot change the switch in php.ini as we have an internal application on the same server that doesn't use https but does use sessions].
Any help gratefully received,
George
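
An added example, not part of the original post: the session cookie's Secure flag is not set automatically on an HTTPS connection, and without it the browser also sends the session ID on plain-HTTP requests to the same host, where it can be read in transit. The flag can be set per application before `session_start()`, leaving php.ini untouched for the internal app. Assumptions: PHP 7.3 or later, and the names `PORTAL_HOST`, `PORTAL_SESSION_NAME` and `start_portal_session()` are hypothetical.

```php
<?php
// Added example: per-application secure session cookie, no php.ini change.
// PORTAL_HOST and PORTAL_SESSION_NAME are constructed placeholder values.
const PORTAL_HOST = 'portal.example.com';
const PORTAL_SESSION_NAME = 'PORTALSESSID';

function request_is_https(): bool
{
    // $_SERVER['HTTPS'] is non-empty (and not "off") on a TLS request.
    return !empty($_SERVER['HTTPS']) && strtolower($_SERVER['HTTPS']) !== 'off';
}

function start_portal_session(): void
{
    if (!request_is_https()) {
        // Never create or resume the portal session over plain HTTP.
        // Redirect to a fixed host rather than trusting the Host header.
        $uri = $_SERVER['REQUEST_URI'] ?? '/';
        header('Location: https://' . PORTAL_HOST . $uri, true, 301);
        exit;
    }

    // Runtime overrides apply to this script only; the internal
    // HTTP application keeps the server-wide php.ini defaults.
    ini_set('session.use_only_cookies', '1'); // no session IDs in URLs
    ini_set('session.use_strict_mode', '1');  // reject unknown session IDs

    // A distinct cookie name keeps the portal session separate from the
    // internal application's default PHPSESSID cookie on the same host.
    session_name(PORTAL_SESSION_NAME);

    // Must be called before session_start().
    session_set_cookie_params([
        'lifetime' => 0,      // expires when the browser closes
        'path'     => '/',
        'secure'   => true,   // browser sends the cookie over HTTPS only
        'httponly' => true,   // not readable from JavaScript
        'samesite' => 'Lax',
    ]);

    session_start();
}

start_portal_session();
// After a successful login, call session_regenerate_id(true) so the
// authenticated session does not reuse a pre-login session ID.
```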