Cookie security
-
Hi!
I’ve applied your wonderful plugin and it works great! But I have one question….A security scan was done and the only problem was:
Threat
The session cookie does not contain the “secure” attribute
Impact
Session Cookies with “secure” attribute are only permitted to be sent via HTTPS. Session cookies sent via HTTP expose users to sniffing attacks that could lead to
user impersonation or account compromise
Solution
Apply the “secure” attribute to session cookies to ensure that they will be sent via HTTPS only.At Cookie security I’ve checke “on” and “secure”, or did I had to check “HttpOnly”?
The page I need help with: [log in to see the link]
Viewing 4 replies - 1 through 4 (of 4 total)
Viewing 4 replies - 1 through 4 (of 4 total)
- The topic ‘Cookie security’ is closed to new replies.