Solved: Magento 1 Cookie Does Not Contain The "secure" Att...

smita_kagwade · ‎05-04-2020

Is there any way to make all the cookies to secure at a time In Magento 1

I tried the following Setting in Magento 1 configuration

System->configuration->(General) > Web > session cookie management->use HTTP Only->Yes

But still, cookies are not set to HTTPOnly

I want both attributes HttpOnly and secure should be set

Let me know if anything I can do for this.

Thank You.

smita_kagwade · ‎05-06-2020

I want to make it for all the cookies.

This is generated in the report by running a WAS scan by Qualys.

shubham_khandelwal1 · ‎05-04-2020

please check the below article this might help you.

Hope this helps.

Problem Solved?Click Accept as solution or give kudos.

Mukesh Tiwari · ‎05-05-2020

Hi @smita_kagwade
What do you mean by all cookies?

All the cookies set by Magento or any other cookies also used in the domain?

---
Problem Solved Click Accept as Solution!:Magento Community India Forum

smita_kagwade · ‎05-06-2020

I want to make it for all the cookies.

This is generated in the report by running a WAS scan by Qualys.

Mukesh Tiwari · ‎05-06-2020

---
Problem Solved Click Accept as Solution!:Magento Community India Forum

hamendrasub7ef · ‎09-17-2020

override isSecure from Mage_Core_Model_Cookie model, method:

public function isSecure() {

return $this->_getRequest()->isSecure();

}

Well, This does not work.

Any thoughts what needs to be checked further in code ?

Magento 1 Cookie Does Not Contain The "secure" Attribute