What is the best practice for handling cookies in PHP?

When handling cookies in PHP, it is important to sanitize and validate the data before setting the cookie to prevent security vulnerabilities such as XSS attacks. It is also recommended to set the cookie with the HttpOnly flag to prevent client-side scripts from accessing it. Additionally, encrypting sensitive data before storing it in a cookie can add an extra layer of security.

// Sanitize and validate data before setting the cookie
$cookieValue = filter_var($_POST[&#039;cookie_data&#039;], FILTER_SANITIZE_STRING);

// Set the cookie with HttpOnly flag
setcookie(&#039;cookie_name&#039;, $cookieValue, time() + 3600, &#039;/&#039;, &#039;&#039;, true, true);

// Encrypt sensitive data before storing it in the cookie
$encryptedData = encryptData($cookieValue);
setcookie(&#039;encrypted_cookie&#039;, $encryptedData, time() + 3600, &#039;/&#039;, &#039;&#039;, true, true);

Keywords

setcookie $_COOKIE session_start secure expiration

What is the best practice for handling cookies in PHP?

Keywords

Related Questions