httponly secure cookies flag

More
3 months 1 week ago #184141 by eyeballs
Newbie is back and learning all this great stuff.

I read this has been an issue in the past, but i just cant get around it. It is trustwave. They are flagging the limesurvey for using nonssl cookies. I have modified the config.php

With secure ===> true

i set:

http only is set to true then reboot - no change;

httponly set to false ; then reboot - no change


But it does not seem to help Trustwave detects insecure cookies.

limesurvey version 3.16.1+190314

Any other suggestion?

Please Log in or Create an account to join the conversation.

LimeSurvey Partners
More
3 months 1 week ago #184142 by eyeballs
I have more information from another scanning tool. It seems that secure cookies in the config.php is being applied. But another issue came up. see attached.

thanks
Attachments:

Please Log in or Create an account to join the conversation.

More
3 months 1 week ago #184143 by DenisChenu
The second cookies is manual.limesurvey.org/Optional_settings#Request_settings , you can update it in your config.php

Same for Same site flag : manual.limesurvey.org/Optional_settings#Other_sessions_update

You can report as a feature/fix to be by default.

Assistance on LimeSurvey forum and LimeSurvey core development are on my free time.
I'm not a LimeSurvey GmbH member, professional service on demand .
An error happen ? Before make a new topic : remind the Debug mode .

Please Log in or Create an account to join the conversation.

Start now!

Just create your account and start using Limesurvey today.

Register now
Join our Newsletter!