cancel
Showing results for 
Search instead for 
Did you mean: 

Magento 1 Cookie Does Not Contain The "secure" Attribute

SOLVED

Magento 1 Cookie Does Not Contain The "secure" Attribute

Is there any way to make all the cookies to secure at a time In Magento 1 

I tried the following Setting in Magento 1 configuration 

 

System->configuration->(General) > Web > session cookie management->use HTTP Only->Yes

 

But still, cookies are not set to HTTPOnly 

I want both attributes HttpOnly and secure should be set

Let me know if anything I can do for this.

Thank You.

1 ACCEPTED SOLUTION

Accepted Solutions

Re: Magento 1 Cookie Does Not Contain The "secure" Attribute

I want to make it for all the cookies.

This is generated in the report by running a WAS scan by Qualys.

 

View solution in original post

5 REPLIES 5

Re: Magento 1 Cookie Does Not Contain The "secure" Attribute

Hi @smita_kagwade 

 

please check the below article this might help you.

where-is-secure-tag-in-magento-cookie-on-ssl-secure-site 

 

Hope this helps.

 

Problem Solved?Click Accept as solution or give kudos. 

Re: Magento 1 Cookie Does Not Contain The "secure" Attribute

Hi @smita_kagwade 
What do you mean by all cookies?

All the cookies set by Magento or any other cookies also used in the domain?

---
Problem Solved Click Accept as Solution!:Magento Community India Forum

Re: Magento 1 Cookie Does Not Contain The "secure" Attribute

I want to make it for all the cookies.

This is generated in the report by running a WAS scan by Qualys.

 

Re: Magento 1 Cookie Does Not Contain The "secure" Attribute

Re: Magento 1 Cookie Does Not Contain The "secure" Attribute

override isSecure from Mage_Core_Model_Cookie model, method:

 

public function isSecure() {

return $this->_getRequest()->isSecure();

}

Well, This does not work.

 

Any thoughts what needs to be checked further in code ?