• Resolved starmindr

    (@starmindr)


    Our security scorecard dropped after installing this plugin since the wordpress_google_apps_login cookie does not set the ‘HttpOnly’ attribute. Is there any way to change that?

Viewing 3 replies - 1 through 3 (of 3 total)
  • Hello Starmindr,

    Greetings from the WP-Glogin team!

    Thank you for contacting us with your concern. In order to your concern I would like to request you can you please forward your concern on [email protected] our technical team can better assist you in this matter.

    Thanks & Regards

    Why can’t we get an answer on here, as this affects myself and probably other users?

    • This reply was modified 4 years, 10 months ago by dilbert16588.

    Hello @dilbert16588,

    Greetings of the day!

    Thank you so much for your feedback on this.

    In order to your concern why we ask to forward your concern is we have a technical team on [email protected]. Our technical team personally look into clients issue and try to resolve the concern as soon as possible.

    Our customer support team will respond you within 24 hours in working days.

    Now in order to your concern about HttpOnly attribute issue I would like to suggest please go to your plugins folders and find the file named core_google_apps_login.php which is located in google-apps-login/core/.

    Open that file and find the code given below.

    setcookie(self::$gal_cookie_name, $this->get_cookie_value(), 0, ‘/’, defined(‘COOKIE_DOMAIN’) ? COOKIE_DOMAIN : ”, $secure );

    replace this code with

    setcookie(self::$gal_cookie_name, $this->get_cookie_value(), 0, ‘/’, defined(‘COOKIE_DOMAIN’) ? COOKIE_DOMAIN : ”, $secure, true );

    I hope this will helps you to resolve your concern if not I would like to suggest please forward your concern on [email protected] our customer support team will look into this for you and try to resolve your concern as soon as possible.

    Thanks & Regards,

Viewing 3 replies - 1 through 3 (of 3 total)
  • The topic ‘Session Cookie Missing ‘HttpOnly’ Attribute’ is closed to new replies.