baikal-docker

Insecure Cookies | Risk: 4.8

Open ykktrcb7 opened this issue 3 years ago • 2 comments

The cookie with the name 'PHPSESSID' does not have the flag 'secure' set. This may leak sensitive information.

PHP

In PHP, configure the cookie settings for all delivered websites. Set the following in your /etc/php/php.ini file:

session.cookie_secure = 1
session.cookie_httponly = 1

ykktrcb7, Dec 19 '22 13:12

A possible workaround is adding a header to your reverse proxy.

ykktrcb7, Dec 19 '22 15:12

I have to check if making this change would break it for anyone who is not using HTTPS, but only HTTP. Granted, shouldn't be done, but I want to be very careful about breaking folks' existing setups.

ckulka, May 05 '24 12:05
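
A check for the finding reported in this issue, as an added example that is not part of the thread or of the baikal-docker project: it parses `Set-Cookie` response headers and lists which of the `secure` and `httponly` attributes a cookie lacks, so the php.ini change or a reverse-proxy workaround can be verified. The function names and the two header samples are constructed for illustration.

```python
# Added example (not project code): audit Set-Cookie headers for missing flags.
REQUIRED_FLAGS = ("secure", "httponly")


def parse_set_cookie(header_value):
    """Split one Set-Cookie value into (name, value, attributes)."""
    parts = [p.strip() for p in header_value.split(";")]
    name, _, value = parts[0].partition("=")
    attrs = {}
    for part in parts[1:]:
        if part:
            key, _, val = part.partition("=")
            # Attribute names are case-insensitive ("secure", "Secure", ...).
            attrs[key.strip().lower()] = val.strip()
    return name.strip(), value.strip(), attrs


def audit_response(raw_headers, cookie_name="PHPSESSID", required=REQUIRED_FLAGS):
    """Return [(cookie name, [missing flags])] for each matching Set-Cookie line."""
    findings = []
    for line in raw_headers.splitlines():
        field, sep, value = line.partition(":")
        if not sep or field.strip().lower() != "set-cookie":
            continue
        name, _, attrs = parse_set_cookie(value)
        if name == cookie_name:
            findings.append((name, [f for f in required if f not in attrs]))
    return findings


# Constructed sample responses. The first cookie value contains the word
# "secure" on purpose: matching on attributes, not substrings, avoids a
# false "flag is set" result.
BEFORE = (
    "HTTP/1.1 200 OK\r\n"
    "Content-Type: text/html; charset=UTF-8\r\n"
    "Set-Cookie: PHPSESSID=securevalue123; path=/\r\n"
)
AFTER = (
    "HTTP/1.1 200 OK\r\n"
    "Content-Type: text/html; charset=UTF-8\r\n"
    "Set-Cookie: PHPSESSID=abc123; path=/; secure; HttpOnly\r\n"
)

if __name__ == "__main__":
    for label, sample in (("before", BEFORE), ("after", AFTER)):
        for name, missing in audit_response(sample):
            print(label, name, "missing:", ", ".join(missing) or "none")
```
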