Cookie Does Not Contain The "secure" and the "HTTPOnly" Attribute

Created on 14 May 2024, 6 months ago

Updated 14 September 2024, 2 months ago

I work on my Drupal 10 website (https) using WAMP Server with Apache.

I've just received the results of a security audit and found two issues:

the cookies don't contain the 'secure' and 'HttpOnly' attributes.

I tried to fix this by adding the following lines to my httpd.conf BUT it doesn't seem to be working.

Can anyone help me with this?

I'm using Eu cookies compliance module

<IfModule mod_headers.c>
    Header always edit Set-Cookie (.*) "$1; HttpOnly; Secure"
</IfModule>

mod_headers is enabled and I restarted Apache

💬 Support request

Status

Closed: duplicate

Version

1.0

Component

Code

Created by

La19913

Live updates comments and jobs are added and updated live.

Comments & Activities

Production build 0.71.5 2024