Why is it important to set both the secure and httponly flags when creating cookies for sensitive data?

Hard · Conceptual · Q10 of 15
PHP - Sessions and Cookies
A. To allow cookies to be shared across different domains
B. To make cookies expire faster and be accessible by JavaScript
C. To ensure cookies are sent only over HTTPS and inaccessible to JavaScript, reducing attack risks
D. To encrypt cookie data automatically on the server
Step-by-Step Solution
Solution:
  1. Step 1: Understand the secure flag purpose

    The secure flag ensures cookies are sent only over encrypted HTTPS connections, preventing interception.
  2. Step 2: Understand the httponly flag purpose

    The httponly flag prevents JavaScript from accessing cookies, reducing the risk from cross-site scripting (XSS) attacks.
  3. Step 3: Combine both flags for sensitive data protection

    Using both flags together protects the cookie both in transit (secure) and against script access in the browser (httponly).
  4. Final Answer:

    To ensure cookies are sent only over HTTPS and inaccessible to JavaScript, reducing attack risks -> Option C
  5. Quick Check:

    Secure + httponly = safer cookies [OK]
Quick Trick: Use both flags to protect sensitive cookies [OK]
Common Mistakes:
  • Thinking flags encrypt cookie data
  • Setting only one flag and ignoring the other
  • Confusing secure with httponly purposes