cancel
Showing results for 
Search instead for 
Did you mean: 

Magento 1 Cookie Does Not Contain The "secure" Attribute

SOLVED
   Did you know you can see the translated content as per your choice?

Translation is in progress. Please check again after few minutes.

Magento 1 Cookie Does Not Contain The "secure" Attribute

Is there any way to make all the cookies to secure at a time In Magento 1 

I tried the following Setting in Magento 1 configuration 

 

System->configuration->(General) > Web > session cookie management->use HTTP Only->Yes

 

But still, cookies are not set to HTTPOnly 

I want both attributes HttpOnly and secure should be set

Let me know if anything I can do for this.

Thank You.

1 ACCEPTED SOLUTION

Accepted Solutions

Re: Magento 1 Cookie Does Not Contain The "secure" Attribute

I want to make it for all the cookies.

This is generated in the report by running a WAS scan by Qualys.

 

View solution in original post

5 REPLIES 5

Re: Magento 1 Cookie Does Not Contain The "secure" Attribute

Hi @smita_kagwade 

 

please check the below article this might help you.

where-is-secure-tag-in-magento-cookie-on-ssl-secure-site 

 

Hope this helps.

 

Problem Solved?Click Accept as solution or give kudos. 

Re: Magento 1 Cookie Does Not Contain The "secure" Attribute

Hi @smita_kagwade 
What do you mean by all cookies?

All the cookies set by Magento or any other cookies also used in the domain?

---
Problem Solved Click Accept as Solution!:Magento Community India Forum

Re: Magento 1 Cookie Does Not Contain The "secure" Attribute

I want to make it for all the cookies.

This is generated in the report by running a WAS scan by Qualys.

 

Re: Magento 1 Cookie Does Not Contain The "secure" Attribute

Re: Magento 1 Cookie Does Not Contain The "secure" Attribute

override isSecure from Mage_Core_Model_Cookie model, method:

 

public function isSecure() {

return $this->_getRequest()->isSecure();

}

Well, This does not work.

 

Any thoughts what needs to be checked further in code ?