Set-Cookie header __Host- or __Secure-

  • Resolved jseutens

    (@jseutens)


    4 years, 3 months ago

    Is it possible to add an option to change the cookie names with nothing in front (like now) , with __Host- or __Secure- in front ? this is for better security.
    So that the possible options for example would be:
    cookielawinfo-checkbox-non-necessary
    __Host-cookielawinfo-checkbox-non-necessary
    __Secure-cookielawinfo-checkbox-non-necessary

    Set-Cookie cookielawinfo-checkbox-necessary=yes; expires=Sat, 12-Dec-2020 20:25:07 GMT; Max-Age=3600; path=/; HttpOnly; Secure; SameSite=Strict
    Set-Cookie cookielawinfo-checkbox-non-necessary=no; expires=Sat, 12-Dec-2020 20:25:07 GMT; Max-Age=3600; path=/; HttpOnly; Secure; SameSite=Strict

Viewing 2 replies - 1 through 2 (of 2 total)
  • Plugin Author WebToffee

    (@webtoffee)

    Hi @jseutens,

    We understand your concern, but at this point, updating the cookie name would affect all the 900,000+ active users of the plugin and as such we cannot proceed. Sorry about that.

    Thread Starter jseutens

    (@jseutens)

    I don’t want you to change the cookie name in a standard config.
    It can stay cookielawinfo-checkbox-necessary etc for everyone who doesn’t change the settings.
    but I want a setting where i can choose between

    the normal name (standard config for all sites, so nothing will change for them)
    or
    selecting __Host- in front of the standard name
    or
    selecting __Secure- in front of the standard name

    This would not change anything for the 900000+ installs , but it gives security minded people the option to use the host or secure option on request.

    ?? thanks for reconsidering.

Viewing 2 replies - 1 through 2 (of 2 total)
  • The topic ‘Set-Cookie header __Host- or __Secure-’ is closed to new replies.