Showing results for 
Search instead for 
Did you mean: 

Force Cookies to be 'secure' flagged

Force Cookies to be 'secure' flagged

Hello community,


we are facing the problem that we fail the PCI compliance network scan due to the missing secure flag for the cookies set by our Magento 2.0.9 system.


We already tried to force the cookies to be secure flagged via htaccess and php.ini, without success.

(Our htaccess contains also a rule to force HTTP to be HTTPS. The whole website should be delivered HTTPS only.)


Is there a central Cookie class file or anything else where we could set a KEY_SECURE attribute to true for ALL cookies?

We really need to pass this PCI compliance network scan. I guess everyone has this problem when accepting credit card payment.

Unfortunately I wasn't able to find a solution using google, etc..


Thanks for your help!