cancel
Showing results for 
Search instead for 
Did you mean: 

Set "HttpOnly" & "Secure" flag to all cookies Magento 1

Set "HttpOnly" & "Secure" flag to all cookies Magento 1

In Magento 1

I can see many of the cookie are without Secure flag and HttpOnly set on website.

Is their any way to set Secure flag and HttpOnly set on all server Cookie ?

I need to make all server cookie secure.

I have tried “Use HTTP Only” option in Magento to add "httponly" flag in cookies.

System > Configuration > General > Web > Session Cookie Management

It works but not for all cookies. Also i have tried

override isSecure from Mage_Core_Model_Cookie model, method:

public function isSecure() {

return $this->_getRequest()->isSecure();

}

But, This does not work. Any thoughts on this ?

Thankyou

1 REPLY 1

Re: Set "HttpOnly" & "Secure" flag to all cookies Magento 1