[ic] Cookie Does Not Contain The "secure" Attribute
Stefan Hornburg (Racke)
racke at linuxia.de
Thu Dec 17 07:44:07 UTC 2015
On 12/17/2015 02:41 AM, DB wrote:
> Howdy. PCI scanner complains about "Cookie Does Not Contain The "secure"
> Attribute" even though I 301 all http requests to https. Is there an
> existing/easy way to add this "secure" attribute to my site's cookies?
>
Secure attribute:
https://en.wikipedia.org/wiki/HTTP_cookie#Secure_and_HttpOnly
MV_PASSWORD cookie will have the secure flag, but not the other cookies
if I read the source correctly.
You can enable httponly attribute:
Pragma set_httponly
Regards
Racke
--
Perl and Dancer Development
Visit our Perl::Dancer conference 2015.
More information on https://www.perl.dance.
More information about the interchange-users
mailing list