Welcome to the LimeSurvey Community Forum
httponly secure cookies flag
4 years 11 months ago #184141
by eyeballs
httponly secure cookies flag was created by eyeballs
Newbie is back and learning all this great stuff.
I read this has been an issue in the past, but I just can't get around it. It is Trustwave. They are flagging the LimeSurvey for using non-SSL cookies. I have modified the config.php
With secure ===> true
I set:
httponly set to true, then reboot - no change;
httponly set to false, then reboot - no change
But it does not seem to help; Trustwave detects insecure cookies.
LimeSurvey version 3.16.1+190314
Any other suggestion?
The topic has been locked.
4 years 11 months ago #184142
by eyeballs
Replied by eyeballs on topic httponly secure cookies flag
I have more information from another scanning tool. It seems that secure cookies in the config.php is being applied. But another issue came up. See attached.
Thanks
4 years 11 months ago #184143
by DenisChenu
Replied by DenisChenu on topic httponly secure cookies flag
The second cookie is manual.limesurvey.org/Optional_settings#Request_settings, you can update it in your config.php.
Same for Same site flag: manual.limesurvey.org/Optional_settings#Other_sessions_update
You can report it as a feature/fix to be by default.
Assistance on LimeSurvey forum and LimeSurvey core development are on my free time.
I'm not a LimeSurvey GmbH member, professional service on demand, plugin development.
I don't answer to private message.
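To confirm what a scanner sees after editing config.php, each Set-Cookie header can be audited for the Secure, HttpOnly and SameSite attributes, which shows the situation in this thread where one cookie carries the flags and a second one does not. This is an added example, not part of the original posts or of LimeSurvey's code; the cookie names and header values are constructed.

```python
# Added example: audit Set-Cookie headers; sample headers are constructed data.
REQUIRED_FLAGS = ("secure", "httponly")

def parse_set_cookie(header):
    """Split one Set-Cookie header value into (name, {attribute: value})."""
    parts = [p.strip() for p in header.split(";")]
    name = parts[0].split("=", 1)[0].strip()
    attrs = {}
    for part in parts[1:]:
        if not part:
            continue
        key, _, value = part.partition("=")
        # Attribute names are case-insensitive (RFC 6265), so normalise them.
        attrs[key.strip().lower()] = value.strip()
    return name, attrs

def audit_cookie(header):
    """Return (cookie name, list of findings) for one Set-Cookie header value."""
    name, attrs = parse_set_cookie(header)
    findings = [f"missing {flag}" for flag in REQUIRED_FLAGS if flag not in attrs]
    samesite = attrs.get("samesite", "").lower()
    if not samesite:
        findings.append("missing samesite")
    elif samesite == "none" and "secure" not in attrs:
        # Current browsers reject SameSite=None cookies that are not also Secure.
        findings.append("samesite=none without secure")
    return name, findings

def audit_response(set_cookie_headers):
    """Audit every Set-Cookie header of one response; keep only cookies with findings."""
    report = {}
    for header in set_cookie_headers:
        name, findings = audit_cookie(header)
        if findings:
            report[name] = findings
    return report

# Constructed sample: the first cookie carries the flags set in config.php,
# the second cookie is still sent without them (both names are hypothetical).
SAMPLE_HEADERS = [
    "EXAMPLE_SESSION=abc123; path=/; Secure; HttpOnly; SameSite=Lax",
    "EXAMPLE_SECOND=def456; path=/",
]

if __name__ == "__main__":
    for cookie, problems in audit_response(SAMPLE_HEADERS).items():
        print(f"{cookie}: {', '.join(problems)}")
```

Feed it the Set-Cookie values captured from a response of your own installation over HTTPS; an empty report means every cookie in that response carries all three attributes.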