Mailing List Archive

On 17/12/15 14:41, DB wrote:
> Howdy. PCI scanner complains about "Cookie Does Not Contain The "secure"
> Attribute" even though I 301 all http requests to https. Is there an
> existing/easy way to add this "secure" attribute to my site's cookies?

Which cookie is the PCI scanner complaining about?


Peter

_______________________________________________
interchange-users mailing list
interchange-users@icdevgroup.org
http://www.icdevgroup.org/mailman/listinfo/interchange-users

On 12/17/2015 02:41 AM, DB wrote:
> Howdy. PCI scanner complains about "Cookie Does Not Contain The "secure"
> Attribute" even though I 301 all http requests to https. Is there an
> existing/easy way to add this "secure" attribute to my site's cookies?
>

Secure attribute:

https://en.wikipedia.org/wiki/HTTP_cookie#Secure_and_HttpOnly

MV_PASSWORD cookie will have the secure flag, but not the other cookies
if I read the source correctly.

You can enable httponly attribute:

Pragma set_httponly

Regards
Racke


--
Perl and Dancer Development

Visit our Perl::Dancer conference 2015.
More information on https://www.perl.dance.


_______________________________________________
interchange-users mailing list
interchange-users@icdevgroup.org
http://www.icdevgroup.org/mailman/listinfo/interchange-users