Cookies with Secure, HttpOnly and SameSite flags

Tagged: cookies

Viewing 2 posts - 1 through 2 (of 2 total)

Author

Posts
November 22, 2019 at 12:07 pm #1159085

Jaispirit
Participant

Dear Support Team

What is the proper way to implement in ENFOLD cookies with Secure, HttpOnly and SameSite flags?

I am looking forward for your answer.

Best regards

November 26, 2019 at 4:53 am #1160185

Ismael
Moderator

Hey Jaispirit,

Thank you for the inquiry.

This is currently not possible because the cookies generated by the theme — specifically those related with the privacy options — are created using Javascript and HttpOnly can only be accessed or applied using server-side scripts like PHP.

// https://developer.mozilla.org/en-US/docs/Web/HTTP/Cookies

To help mitigate cross-site scripting (XSS) attacks, HttpOnly cookies are inaccessible to JavaScript’s Document.cookie API; they are only sent to the server. For example, cookies that persist server-side sessions don’t need to be available to JavaScript, and the HttpOnly flag should be set.

In which cookies would you like to apply the parameters to?

Best regards,
Ismael
Author

Posts

Viewing 2 posts - 1 through 2 (of 2 total)

You must be logged in to reply to this topic.

Follow us on Facebook

Kriesi13.000+ likes

Open facebook page

Join our Facebook community

Subscribe to our Newsletter