How to set cookie flag

19 December 2018, 17:12

I check my site via an automated site scanner and I get the following warning:
The 'secure' flag is not set on this cookie. 

Has anyone got any idea how to fix this issue?
Will a CustomHeaderClient rule fix it?

Thank you
Joe Schmoe
19 December 2018, 19:55
That's an application server setting. If you are using PHP, here are the settings.
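As an added example (not part of the original posts): one way to set the flag from PHP 7.3 or later, together with a small check that mirrors the scanner's test. The cookie name `prefs`, its value and the helper `cookies_missing_secure` are made up for illustration.

```php
<?php
// Added example: PHP 7.3+ assumed (array form of the cookie functions).
// Equivalent php.ini directives: session.cookie_secure = 1,
// session.cookie_httponly = 1, session.cookie_samesite = "Lax".

// Return the Set-Cookie header lines that lack the Secure attribute,
// i.e. the condition the scanner warning describes.
function cookies_missing_secure(array $headers): array
{
    $flagged = [];
    foreach ($headers as $line) {
        if (stripos($line, 'Set-Cookie:') !== 0) {
            continue;
        }
        // Attributes follow the first "name=value" pair, separated by ';'.
        $parts = array_map('trim', explode(';', substr($line, strlen('Set-Cookie:'))));
        array_shift($parts);
        $attrs = array_map(function ($p) { return strtolower(explode('=', $p, 2)[0]); }, $parts);
        if (!in_array('secure', $attrs, true)) {
            $flagged[] = $line;
        }
    }
    return $flagged;
}

// Session cookie: must be configured before session_start().
session_set_cookie_params([
    'lifetime' => 0,
    'path'     => '/',
    'secure'   => true,   // only sent over HTTPS
    'httponly' => true,   // not readable from JavaScript
    'samesite' => 'Lax',
]);
session_start();

// Application cookie ("prefs" is a made-up name).
setcookie('prefs', 'dark', [
    'expires'  => time() + 86400,
    'path'     => '/',
    'secure'   => true,
    'httponly' => true,
    'samesite' => 'Lax',
]);

// Self-check: log any cookie still being emitted without Secure.
foreach (cookies_missing_secure(headers_list()) as $bad) {
    error_log('Cookie without Secure flag: ' . $bad);
}
```

A cookie marked Secure is only sent back over HTTPS, so the site has to be served over HTTPS for sessions to keep working.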
20 December 2018, 00:52
Really nice. Thank you for the URL
31 December 2018, 21:36
You may also find use for ?

VirtualHost {
..... priorconfig ....
CustomHeaderClient = X-Frame-Options: DENY
CustomHeaderClient = X-XSS-Protection: 1; mode=block
CustomHeaderClient = X-Content-Type-Options: nosniff
CustomHeaderClient = Feature-Policy: camera 'none'; geolocation 'none'; autoplay 'none'; microphone 'none'; payment 'none'; midi 'none'; document-domain 'none'
# for HPKP to work there is a requirement for a backup certificate etc; to validate
# CustomHeaderClient = Public-Key-Pins: 'pin-sha256="8m5G/Ukr0dZXczdV6ivuUY1Cwl10ZdH7lQmCt57pU3M="; pin-sha256="8m5G/Ukr0dZXczdV6ivuUY1Cwl10ZdH7lQmCt57pU3M="; max-age=7779999;includeSubDomains;'
CustomHeaderClient = Referrer-Policy: no-referrer
}
2 January 2019, 18:40
Thank you
I will use some of that for sure
This topic has been closed.