How to set cookie flag

Fred
19 December 2018, 17:12
Hi,

I check my site via an automated site scanner and I get the following warning:
The 'secure' flag is not set on this cookie. 

Has anyone got any idea how to fix this issue?
Will a CustomHeaderClient rule fix it?

Thank you
Joe Schmoe
19 December 2018, 19:55
That's an application server setting. If you are using PHP, here are the settings.

https://stackoverflow.com/questions/22221807/session-cookies-http-secure-flag-how-do-you-set-these
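
A check for the scanner warning above, as an added example that is not part of the original posts: it parses Set-Cookie header values and lists the cookies missing the Secure or HttpOnly attribute, so the effect of changing the application setting can be verified. The header lines are constructed samples, and checking HttpOnly as well goes beyond the warning quoted in the thread.

```python
"""Audit Set-Cookie response headers for flags a scanner reports as missing."""

REQUIRED_FLAGS = ("secure", "httponly")  # attributes checked by this example


def parse_set_cookie(value):
    """Split one Set-Cookie header value into (name, {attribute: value})."""
    parts = [p.strip() for p in value.split(";")]
    name = parts[0].partition("=")[0].strip()
    attrs = {}
    for part in parts[1:]:
        if not part:
            continue
        key, _, val = part.partition("=")
        # Attribute names are case-insensitive; flags such as Secure carry no value.
        attrs[key.strip().lower()] = val.strip()
    return name, attrs


def missing_flags(value):
    """Return the required flags absent from one Set-Cookie header value."""
    _, attrs = parse_set_cookie(value)
    return [flag for flag in REQUIRED_FLAGS if flag not in attrs]


def audit(headers):
    """Return (cookie name, missing flags) for every header lacking a flag."""
    findings = []
    for value in headers:
        name, _ = parse_set_cookie(value)
        missing = missing_flags(value)
        if missing:
            findings.append((name, missing))
    return findings


# Constructed sample headers (not captured from a real site).
SAMPLE_HEADERS = [
    "PHPSESSID=abc123; path=/",                    # session cookie with no flags
    "PHPSESSID=abc123; path=/; secure; HttpOnly",  # both flags set by the application
    "theme=secure; Path=/secure; HttpOnly",        # "secure" in a value or path is not the flag
]

if __name__ == "__main__":
    for cookie, missing in audit(SAMPLE_HEADERS):
        print(f"{cookie}: missing {', '.join(missing)}")
```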
Fred
20 December 2018, 00:52
Really nice. Thank you for the URL
commandline.be
31 December 2018, 21:36
You may also find use for this?

VirtualHost {
..... priorconfig ....
CustomHeaderClient = X-Frame-Options: DENY
CustomHeaderClient = X-XSS-Protection: 1; mode=block
CustomHeaderClient = X-Content-Type-Options: nosniff
CustomHeaderClient = Feature-Policy: camera 'none'; geolocation 'none'; autoplay 'none'; microphone 'none'; payment 'none'; midi 'none'; document-domain 'none'
# for HPKP to work there is a requirement for a backup certificate etc; to validate
# CustomHeaderClient = Public-Key-Pins: pin-sha256="8m5G/Ukr0dZXczdV6ivuUY1Cwl10ZdH7lQmCt57pU3M="; pin-sha256="8m5G/Ukr0dZXczdV6ivuUY1Cwl10ZdH7lQmCt57pU3M="; max-age=7779999; includeSubDomains
CustomHeaderClient = Referrer-Policy: no-referrer
}
Fred
2 January 2019, 18:40
Thank you @commandline.be
I will use some of that for sure
This topic has been closed.