Timothy de Vos

Unsecure Cookie


I recently had one of my websites tested for security and the following error came out.

The following cookie does do not have the Secure cookie flag: 
Cookie name: wire, Path: /, Secure Flag: 0 

Can anybody explain to me what this means and what the security risks are here?

 


If you have an SSL certificate for your domain (https) the wire cookie is set with the secure flag by default. Have a look in wire/config.php

/**
 * Use secure cookies when on HTTPS?
 *
 * When enabled, separate sessions will be maintained for
 * HTTP vs. HTTPS. This ensures the session is secure on HTTPS.
 * The tradeoff is that switching between HTTP and HTTPS means
 * that you may be logged in on one and not the other.
 *
 * 0 or false: secure cookies off
 * 1 or true: secure cookies on (default)
 *
 * @var int
 *
 */
$config->sessionCookieSecure = 1; 

In the .htaccess file you can force using https:

  # -----------------------------------------------------------------------------------------------
  # 9. If you only want to allow HTTPS, uncomment the RewriteCond and RewriteRule lines below.
  # -----------------------------------------------------------------------------------------------
  # RewriteCond %{HTTPS} off
  # RewriteRule (.*) https://%{HTTP_HOST}%{REQUEST_URI} [L,R=301]

  #

If the flag is enabled, the browser (should) send the cookie only via https.

  • Like 3
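
Added example, not part of the posts above and not ProcessWire code: a small Python check that reproduces the scanner's finding from a Set-Cookie header and shows what the Secure flag changes, namely whether a browser attaches the cookie to a plain http:// request. The header values and example.com are constructed, and the browser rule is simplified (domain and path are assumed to match).

```python
from urllib.parse import urlsplit

# Constructed sample response headers (not captured from a real site).
# "wire" is the session cookie name from the scan finding quoted in the question.
HEADERS_FLAG_OFF = ["Set-Cookie: wire=c0nstructedvalue; path=/; HttpOnly"]
HEADERS_FLAG_ON = ["Set-Cookie: wire=c0nstructedvalue; path=/; secure; HttpOnly"]


def parse_set_cookie(header_line):
    """Split one Set-Cookie header into name, value and lower-cased attributes."""
    _, _, raw = header_line.partition(":")
    parts = [p.strip() for p in raw.split(";") if p.strip()]
    name, _, value = parts[0].partition("=")
    attrs = {}
    for part in parts[1:]:
        key, _, val = part.partition("=")
        # Flag attributes such as Secure and HttpOnly carry no value.
        attrs[key.strip().lower()] = val.strip() or True
    return {"name": name, "value": value, "attrs": attrs}


def audit(header_lines):
    """Report each cookie in the same shape as the finding in the question."""
    findings = []
    for line in header_lines:
        if not line.lower().startswith("set-cookie:"):
            continue
        c = parse_set_cookie(line)
        findings.append("Cookie name: %s, Path: %s, Secure Flag: %d" % (
            c["name"], c["attrs"].get("path", "/"),
            1 if "secure" in c["attrs"] else 0))
    return findings


def browser_sends(cookie, url):
    """Simplified browser rule: a Secure cookie only goes out on https://."""
    return urlsplit(url).scheme == "https" or "secure" not in cookie["attrs"]


if __name__ == "__main__":
    for headers in (HEADERS_FLAG_OFF, HEADERS_FLAG_ON):
        cookie = parse_set_cookie(headers[0])
        print(audit(headers)[0])
        for url in ("http://example.com/", "https://example.com/"):
            print("  sent to %s: %s" % (url, browser_sends(cookie, url)))
```

Without the flag, the session cookie is attached to the http:// request and crosses the network unencrypted, which is the risk the scan report points at.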
