Cookies in my app are not secured and not http only, but they are configured exactly as in example on CakePHP Book 2.0 - Session Configuration.
Configure::write('Session', array(
'defaults' => 'php',
'timeout' => 30,
'cookieTimeout' => 30,
'ini' => array(
'session.cookie_secure' => true,
'session.cookie_httponly' => true
)
));
I am using SSL so this should be done automatically, but it's not happening, not even when I set this manually, see the code above. Cookie timeouts work well.
Any ideas? Thank you very much!
Here you have used default parameter is 'PHP' in this case your application takes timeout of main PHP configuration like from php.ini file. you can set it 'cake' to control your session scope.