httponly secure cookies flag

4 years 11 months ago #184141 by eyeballs
httponly secure cookies flag was created by eyeballs
Newbie is back and learning all this great stuff.

I read this has been an issue in the past, but I just can't get around it. It is Trustwave. They are flagging the LimeSurvey for using non-SSL cookies. I have modified the config.php

With secure ===> true

I set:

httponly is set to true, then reboot - no change;

httponly set to false, then reboot - no change.

But it does not seem to help; Trustwave detects insecure cookies.

LimeSurvey version 3.16.1+190314

Any other suggestion?
The topic has been locked.
4 years 11 months ago #184142 by eyeballs
Replied by eyeballs on topic httponly secure cookies flag
I have more information from another scanning tool. It seems that secure cookies in the config.php is being applied. But another issue came up. See attached.

thanks
4 years 11 months ago #184143 by DenisChenu
Replied by DenisChenu on topic httponly secure cookies flag
The second cookie is manual.limesurvey.org/Optional_settings#Request_settings; you can update it in your config.php

Same for the SameSite flag: manual.limesurvey.org/Optional_settings#Other_sessions_update

You can report it as a feature/fix to be set by default.

Assistance on the LimeSurvey forum and LimeSurvey core development are in my free time.
I'm not a LimeSurvey GmbH member; professional service on demand, plugin development.
I don't answer private messages.