PokeBet88 online casino,Slots statistics 2021.REGISTER NOW GET FREE 888 PESOS REWARDS!

Resolved janneke8incosi
(@janneke8incosi)

7 years, 5 months ago

Hi!
I’ve applied your wonderful plugin and it works great! But I have one question….

A security scan was done and the only problem was:

Threat
The session cookie does not contain the “secure” attribute
Impact
Session Cookies with “secure” attribute are only permitted to be sent via HTTPS. Session cookies sent via HTTP expose users to sniffing attacks that could lead to
user impersonation or account compromise
Solution
Apply the “secure” attribute to session cookies to ensure that they will be sent via HTTPS only.

At Cookie security I’ve checke “on” and “secure”, or did I had to check “HttpOnly”?

The page I need help with: [log in to see the link]

Viewing 4 replies - 1 through 4 (of 4 total)

Plugin Author Dimitar Ivanov
(@zinoui)

7 years, 5 months ago

When HttpOnly option is checked the cookie will be made accessible only through the HTTP protocol. This means that the cookie won’t be accessible by scripting languages, such as JavaScript. It helps for reducing identity theft through XSS attacks.

The Secure option works only for cookies sent by the web server (like session cookies).

Your website has 4 cookies, all of them set by javascript (see below).

https://static.incosi.com/wp-content/plugins/wf-cookie-consent/js/cookiechoices.js
displayCookieConsent

https://static.incosi.com/wp-content/plugins/sitepress-multilingual-cms/res/js/cookies/language-cookie.js
_icl_current_language

https://static.incosi.com/wp-content/plugins/sitepress-multilingual-cms/res/js/browser-redirect.js
wpml_browser_redirect_test
wpml_browser_redirect_test

To make them secure you must append the “; secure” string to the end.

Thread Starter janneke8incosi
(@janneke8incosi)

7 years, 5 months ago

Thanks Dimitar!
And how do I do that???? I’m a newbie in this field……
Janneke

Plugin Author Dimitar Ivanov
(@zinoui)

7 years, 5 months ago

You have to edit these files:

https://static.incosi.com/wp-content/plugins/wf-cookie-consent/js/cookiechoices.js
Line: 178
document.cookie = cookieName + '=y;path=/; expires=' + expiryDate.toGMTString() + '; secure';

https://static.incosi.com/wp-content/plugins/sitepress-multilingual-cms/res/js/cookies/language-cookie.js
Line: 5
'path': cookieData.path, 'secure': true

https://static.incosi.com/wp-content/plugins/sitepress-multilingual-cms/res/js/browser-redirect.js
Line: 106
domain: domain, secure: true

Thread Starter janneke8incosi
(@janneke8incosi)

7 years, 5 months ago

Found it, did it, thanks!!!

Viewing 4 replies - 1 through 4 (of 4 total)

The topic ‘Cookie security’ is closed to new replies.

Tags