httponly secure cookies flag

Más
2 meses 1 semana antes #184141 por eyeballs
Newbie is back and learning all this great stuff.

I read this has been an issue in the past, but i just cant get around it. It is trustwave. They are flagging the limesurvey for using nonssl cookies. I have modified the config.php

With secure ===> true

i set:

http only is set to true then reboot - no change;

httponly set to false ; then reboot - no change


But it does not seem to help Trustwave detects insecure cookies.

limesurvey version 3.16.1+190314

Any other suggestion?

Por favor, Identificarse o Crear cuenta para unirse a la conversación.

LimeSurvey Partners
Más
2 meses 1 semana antes #184142 por eyeballs
Respuesta de eyeballs sobre el tema httponly secure cookies flag
I have more information from another scanning tool. It seems that secure cookies in the config.php is being applied. But another issue came up. see attached.

thanks
Adjuntos:

Por favor, Identificarse o Crear cuenta para unirse a la conversación.

Más
2 meses 1 semana antes #184143 por DenisChenu
Respuesta de DenisChenu sobre el tema httponly secure cookies flag
The second cookies is manual.limesurvey.org/Optional_settings#Request_settings , you can update it in your config.php

Same for Same site flag : manual.limesurvey.org/Optional_settings#Other_sessions_update

You can report as a feature/fix to be by default.

Assistance on LimeSurvey forum and LimeSurvey core development are on my free time.
I'm not a LimeSurvey GmbH member, professional service on demand .
An error happen ? Before make a new topic : remind the Debug mode .

Por favor, Identificarse o Crear cuenta para unirse a la conversación.

¡Comenzar ahora!

Simplemente cree una cuenta y comience a usar LimeSurvey hoy mismo.

Registrarse ahora
¡Únase a nuestro boletín informativo!

Iniciar sesión