Session Cookies Attributes are not set properly - Printable Version +- CodeIgniter Forums (https://forum.codeigniter.com) +-- Forum: Using CodeIgniter (https://forum.codeigniter.com/forumdisplay.php?fid=5) +--- Forum: General Help (https://forum.codeigniter.com/forumdisplay.php?fid=24) +--- Thread: Session Cookies Attributes are not set properly (/showthread.php?tid=80744)

Session Cookies Attributes are not set properly - jsy - 12-12-2021 how to Set the Secure and Domain attributes for the session cookie and Set the value of the Path attribute to the actual virtual directory path of the application If the application resides at /myapp/, then verify that the cookie path is set to; path=/myapp/ and not to; path=/. I set this in config.php $config['sess_driver'] = 'files'; $config['sess_cookie_name'] = ' myappa'; $config['sess_expiration'] = 7200; $config['sess_save_path'] = NULL; $config['sess_match_ip'] = TRUE; $config['sess_time_to_update'] = 300; $config['sess_regenerate_destroy'] = TRUE; but it will not work properly . RE: Session Cookies Attributes are not set properly - InsiteFX - 12-13-2021 CodeIgniter 4 User Guide - Session Preferences CodeIgniter 4 User Guide - Accessing Cookie’s Attributes RE: Session Cookies Attributes are not set properly - jsy - 12-13-2021 I'm expecting like this. using ci version -3.1 eg, If the application resides at /myapp/, then verify that the cookie path is set to; path=/myapp/ and not to; path=/. RE: Session Cookies Attributes are not set properly - InsiteFX - 12-14-2021 CI 3 In addition to the values above, the cookie and native drivers apply the following configuration values shared by the Input and Security classes: Preference Default Description cookie_domain ‘’ The domain for which the session is applicable cookie_path / The path to which the session is applicable cookie_secure FALSE Whether to create the session cookie only on encrypted (HTTPS) connections Note: The ‘cookie_httponly’ setting doesn’t have an effect on sessions. Instead the HttpOnly parameter is always enabled, for security reasons. Additionally, the ‘cookie_prefix’ setting is completely ignored.