• Resolved sherwin_flight

    (@sherwin_flight)


    I’m getting a warning from my security scanner that the wp_dlm_downloading lacks the “secure” flag.

    Looking at the CookieManager.php file included with the plugin I can see that the “httponly” flag is set to true, but the “secure” flag is set to false.

    Any chance of an update to address this issue?

Viewing 3 replies - 1 through 3 (of 3 total)
  • Plugin Author Razvan Aldea

    (@raldea89)

    Hello @sherwin_flight,

    If the “secure” flag is set to true, the cookie will only be set if a secure connection exists. If the server doesn’t have SSL and we set the “secure” flag to true, then the cookie won’t be set, thus triggering some problems with our plugin. I’ll issue a ticket to our dev department to see if we can set the “secure” flag based on the server’s configuration. If it is doable then it will most probably end up in a future update, but honestly I can’t give you a time or a time period for that.

    Kind Regards!
    Razvan

    This topic will be marked as resolved as we have an open ticket on GitHub regarding this. Please keep in mind that the ‘resolved’ status is only for this support thread, not the issue on GitHub.
    You can follow the ticket here: https://github.com/WPChill/download-monitor/issues/687
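
One way to do what the reply above describes, deriving the “secure” flag from the connection instead of hard-coding it. This is an added example, not code from the thread or from Download Monitor: `request_is_https()` and `dlm_cookie_options()` are hypothetical helpers, and the cookie value, path and lifetime are constructed.

```php
<?php
// Same checks WordPress's is_ssl() makes, in plain PHP so this runs stand-alone.
// Behind a TLS-terminating proxy this returns false unless the site sets HTTPS itself.
function request_is_https(array $server): bool
{
    $https = strtolower((string) ($server['HTTPS'] ?? ''));
    if ($https === 'on' || $https === '1') {
        return true;
    }
    return (string) ($server['SERVER_PORT'] ?? '') === '443';
}

// Hypothetical helper: httponly stays true (as the plugin already does);
// secure follows the connection instead of being hard-coded to false.
function dlm_cookie_options(array $server, int $expires): array
{
    return [
        'expires'  => $expires,
        'path'     => '/',
        'secure'   => request_is_https($server),
        'httponly' => true,
    ];
}

if (PHP_SAPI === 'cli') {
    // Constructed $_SERVER samples: plain HTTP, HTTPS flag, port 443 only, HTTPS=off.
    $samples = [
        'http'     => ['SERVER_PORT' => '80'],
        'https-on' => ['HTTPS' => 'on', 'SERVER_PORT' => '443'],
        'port-443' => ['SERVER_PORT' => 443],
        'https-off' => ['HTTPS' => 'off', 'SERVER_PORT' => '80'],
    ];
    foreach ($samples as $label => $server) {
        $opts = dlm_cookie_options($server, 0);
        printf("%-9s secure=%s httponly=%s\n", $label,
            var_export($opts['secure'], true), var_export($opts['httponly'], true));
    }
} else {
    // Constructed value and 60-second lifetime; the array form needs PHP 7.3+.
    setcookie('wp_dlm_downloading', '1', dlm_cookie_options($_SERVER, time() + 60));
}
```

On an HTTPS site this sends the cookie with both flags, and on a plain-HTTP site the cookie is still set, which is the failure the reply was concerned about.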

    Thread Starter sherwin_flight

    (@sherwin_flight)

    Thank you, that’s great to hear. I appreciate that you took the time to check into this.

  • The topic ‘Insecure cookie’ is closed to new replies.