
Cookie Without Secure Flag And Httponly Flag Set

Recently a scan was run on one of our applications and it returned the following 1 security threats: 1. Cookies NotMarked As Secure::Cookie without Secure flag set 2. Cookie without

Solution 1:

Use setcookie(). Read about it here. Set the sixth parameter to true to make the cookie secure.

Solution 2:

The code you are showing does not set the cookie. It might trigger setting a cookie, but essentially you must look at the CACHE class and see what's going on there.

You are looking for function calls of setcookie(), and if not found, for header('Set-Cookie...').

You'll have to change setcookie() to include all the default values for the optional parameters, until at the end you set the last two to true for secure and httponly.

Have a look at the manual: http://de1.php.net/setcookie
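The following is an added example, not code from either answer or from the application in the question. It shows the positional setcookie() call with the last two parameters set to true, and a check that lists Set-Cookie headers still missing Secure or HttpOnly. The function names, cookie names and sample headers are constructed for illustration.

```php
<?php
// Added example: function names, cookie names and header lines are constructed.

// Positional form: defaults spelled out for the optional parameters,
// then secure (6th) and httponly (7th) set to true.
// PHP 7.3+ also accepts an options array:
//   setcookie($name, $value, ['path' => '/', 'secure' => true, 'httponly' => true]);
function setHardenedCookie(string $name, string $value): bool
{
    return setcookie($name, $value, 0, '/', '', true, true);
}

// Return cookie name => missing flags for every Set-Cookie header line
// that lacks Secure or HttpOnly. Pass headers_list() during a web request.
function cookiesMissingFlags(array $headers): array
{
    $findings = [];
    foreach ($headers as $line) {
        if (stripos($line, 'Set-Cookie:') !== 0) {
            continue; // not a cookie header
        }
        // Split "name=value; attr; attr=value" into the pair and its attributes.
        $parts = array_map('trim', explode(';', substr($line, strlen('Set-Cookie:'))));
        $name  = explode('=', array_shift($parts), 2)[0];
        // Attribute names are case-insensitive; drop any "=value" part.
        $attrs = array_map(function ($a) {
            return strtolower(trim(explode('=', $a, 2)[0]));
        }, $parts);
        $missing = array_values(array_diff(['secure', 'httponly'], $attrs));
        if ($missing) {
            $findings[$name] = $missing;
        }
    }
    return $findings;
}

// Constructed sample headers standing in for headers_list() output.
$sample = [
    'Content-Type: text/html; charset=UTF-8',
    'Set-Cookie: session_pref=abc; path=/',
    'Set-Cookie: theme=dark; path=/; secure',
    'Set-Cookie: sid=xyz; path=/; Secure; HttpOnly',
];
print_r(cookiesMissingFlags($sample));
```

Calling cookiesMissingFlags(headers_list()) at the end of a request also catches cookies emitted through header('Set-Cookie...') rather than setcookie().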
