change the "secure" and "httpOnly" attributes of the session "cookie-agreed" and "cookie-agreed-version"

Created on 10 January 2023, almost 2 years ago
Updated 15 October 2023, about 1 year ago

I need to change the "secure" and "httpOnly" values of the cookies, as I am getting a vulnerability error "CWE-614: Sensitive Cookie in HTTPS Session Without 'Secure' Attribute".
I have tried from the settings.php using the following code:
ini_set('session.cookie_secure', 1);
However it didn't work, I also tried with some modules but it didn't work either.

โœจ Feature request
Status

Active

Version

1.0

Component

Code

Created by

Live updates comments and jobs are added and updated live.
Sign in to follow issues

Merge Requests

Comments & Activities

Not all content is available!

It's likely this issue predates Contrib.social: some issue and comment data are missing.

Production build 0.71.5 2024