httponly secure cookies flag

Mehr
2 Monate 1 Woche her #184141 von eyeballs
Newbie is back and learning all this great stuff.

I read this has been an issue in the past, but i just cant get around it. It is trustwave. They are flagging the limesurvey for using nonssl cookies. I have modified the config.php

With secure ===> true

i set:

http only is set to true then reboot - no change;

httponly set to false ; then reboot - no change


But it does not seem to help Trustwave detects insecure cookies.

limesurvey version 3.16.1+190314

Any other suggestion?

Bitte Anmelden oder Registrieren um der Konversation beizutreten.

LimeSurvey Partners
Mehr
2 Monate 1 Woche her #184142 von eyeballs
I have more information from another scanning tool. It seems that secure cookies in the config.php is being applied. But another issue came up. see attached.

thanks
Anhänge:

Bitte Anmelden oder Registrieren um der Konversation beizutreten.

Mehr
2 Monate 1 Woche her #184143 von DenisChenu
The second cookies is manual.limesurvey.org/Optional_settings#Request_settings , you can update it in your config.php

Same for Same site flag : manual.limesurvey.org/Optional_settings#Other_sessions_update

You can report as a feature/fix to be by default.

Assistance on LimeSurvey forum and LimeSurvey core development are on my free time.
I'm not a LimeSurvey GmbH member, professional service on demand .
An error happen ? Before make a new topic : remind the Debug mode .

Bitte Anmelden oder Registrieren um der Konversation beizutreten.

Jetzt loslegen!

Melden Sie sich jetzt an, und erstellen Sie in wenigen Minuten Ihre erste Umfrage.

Account einrichten

Abonnieren Sie unseren Newsletter

Abonnieren Sie unseren Newsletter für alle Neuigkeiten rund um LimeSurvey
captcha