httponly secure cookies flag

3 months 1 week ago #184141 by eyeballs
Newbie is back and learning all this great stuff.

I read this has been an issue in the past, but I just can't get around it. It is Trustwave. They are flagging the LimeSurvey for using non-SSL cookies. I have modified the config.php

With secure ===> true

I set:

http only is set to true then reboot - no change;

httponly set to false ; then reboot - no change


But it does not seem to help; Trustwave detects insecure cookies.

LimeSurvey version 3.16.1+190314

Any other suggestion?

3 months 1 week ago #184142 by eyeballs
Reply from eyeballs on the topic httponly secure cookies flag
I have more information from another scanning tool. It seems that secure cookies in the config.php is being applied. But another issue came up. See attached.

Thanks
3 months 1 week ago #184143 by DenisChenu
Reply from DenisChenu on the topic httponly secure cookies flag
The second cookie is manual.limesurvey.org/Optional_settings#Request_settings; you can update it in your config.php

Same for the Same site flag: manual.limesurvey.org/Optional_settings#Other_sessions_update

You can report it as a feature/fix to be the default.

Assistance on LimeSurvey forum and LimeSurvey core development are on my free time.
I'm not a LimeSurvey GmbH member, professional service on demand.
An error happens? Before making a new topic: remember the Debug mode.
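
Added example, not part of the thread or of LimeSurvey's code: a per-cookie audit of `Set-Cookie` headers, which shows why a scanner can keep flagging a site after the session cookie has been fixed in config.php. The cookie names and header values are constructed placeholders, not output from a real LimeSurvey server.

```python
# Added example: audit Set-Cookie headers for Secure / HttpOnly / SameSite.
# All header values below are constructed samples.

REQUIRED = ("secure", "httponly", "samesite")


def parse_set_cookie(header):
    """Return (cookie_name, {lowercased attribute: value or True})."""
    parts = [p.strip() for p in header.split(";") if p.strip()]
    name = parts[0].split("=", 1)[0].strip()
    attrs = {}
    for part in parts[1:]:
        key, sep, value = part.partition("=")
        # Flag attributes (Secure, HttpOnly) carry no value; record them as True.
        attrs[key.strip().lower()] = value.strip() if sep else True
    return name, attrs


def audit(headers):
    """Map each cookie name to the findings a scanner would raise for it."""
    findings = {}
    for header in headers:
        name, attrs = parse_set_cookie(header)
        missing = [flag for flag in REQUIRED if flag not in attrs]
        # Modern browsers reject SameSite=None unless Secure is also set.
        if str(attrs.get("samesite", "")).lower() == "none" and "secure" not in attrs:
            missing.append("samesite=none-without-secure")
        findings[name] = missing
    return findings


# Constructed sample: the first cookie already carries the flags configured
# for the session; the others are issued elsewhere and do not.
SAMPLE_HEADERS = [
    "session_cookie=abc123; path=/; secure; HttpOnly",
    "second_cookie=def456; path=/",
    "third_cookie=ghi789; path=/; SameSite=None",
]

if __name__ == "__main__":
    for cookie, missing in audit(SAMPLE_HEADERS).items():
        print(cookie, "OK" if not missing else "missing: " + ", ".join(missing))
```

Feed it the `Set-Cookie` lines captured from the survey site's HTTPS responses; each cookie is reported separately, so a fixed session cookie does not hide an unfixed second one.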
