方法1:将setcookie()函数的第七个参数设置为true
$sess_name = session_name();//必须在session_start之前调用session_name
if (session_start()) {
setcookie($sess_name, session_id(), null, '/', null, null, true);
}
方法2:使用header()函数
header( "Set-Cookie: name=value; httpOnly" );
参考资料:
How do you set up use HttpOnly cookies in PHP