httponly secure cookies flag

Mehr
2 Wochen 4 Tage her #184141 von eyeballs
COM_KUNENA_MESSAGE_CREATED_NEW
Newbie is back and learning all this great stuff.

I read this has been an issue in the past, but i just cant get around it. It is trustwave. They are flagging the limesurvey for using nonssl cookies. I have modified the config.php

With secure ===> true

i set:

http only is set to true then reboot - no change;

httponly set to false ; then reboot - no change


But it does not seem to help Trustwave detects insecure cookies.

limesurvey version 3.16.1+190314

Any other suggestion?

Bitte Anmelden oder Registrieren um an der Konversation teilzunehmen.

LimeSurvey Partners
Mehr
2 Wochen 4 Tage her #184142 von eyeballs
COM_KUNENA_MESSAGE_REPLIED_NEW
I have more information from another scanning tool. It seems that secure cookies in the config.php is being applied. But another issue came up. see attached.

thanks
Anhang:

Bitte Anmelden oder Registrieren um an der Konversation teilzunehmen.

Mehr
2 Wochen 4 Tage her #184143 von DenisChenu
COM_KUNENA_MESSAGE_REPLIED_NEW
The second cookies is manual.limesurvey.org/Optional_settings#Request_settings , you can update it in your config.php

Same for Same site flag : manual.limesurvey.org/Optional_settings#Other_sessions_update

You can report as a feature/fix to be by default.

Assistance on LimeSurvey forum and LimeSurvey core development are on my free time.
I'm not a LimeSurvey GmbH member, professional service on demand .
An error happen ? Before make a new topic : remind the Debug mode .

Bitte Anmelden oder Registrieren um an der Konversation teilzunehmen.

Jetzt loslegen!

Melden Sie sich jetzt an, und erstellen Sie in wenigen Minuten Ihre erste Umfrage.

Account einrichten

Abonnieren Sie unseren Newsletter

Abonnieren Sie unseren Newsletter für alle Neuigkeiten rund um LimeSurvey
captcha