Magento Forums
Help
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 

PCI Compliance: Cookies HttpOnly flag is not set

‎10-16-2020 05:36 AM
‎10-16-2020 05:36 AM

PCI Compliance: Cookies HttpOnly flag is not set

In the default cookie settings, the Use HTTP Only option is already set to Yes. But the PCI Compliance checking has found several cookies that are not set. Here is the list:
  1. section_data_ids
  2. section_data_clean
  3. private_content_version
  4. recently_viewed_product
  5. mage-cache-storage-section-invalidation
  6. form_key

I already tried the suggestions here: Magento 2 : How to set secure cookie OR HTTP ONLY FLAG SET. But none of them worked. Can someone please help on this issue?

Labels:
0 Kudos
Reply
2 REPLIES 2
‎11-18-2020 11:23 AM
‎11-18-2020 11:23 AM

Re: PCI Compliance: Cookies HttpOnly flag is not set

Have you come across any solutions?  Pretty sure I'm running into the same issue with 2.3.4 and 2.3.6 in my testing environment.   Still digging into it currently. 

0 Kudos
Reply
‎11-18-2020 09:36 PM
‎11-18-2020 09:36 PM

Re: PCI Compliance: Cookies HttpOnly flag is not set

Still no solution. Posted this on Github too
https://github.com/magento/magento2/issues/30583
0 Kudos
Reply