  • #970502

    Hey, how can we set the cookie to secure (so that the cookie is only transferred via HTTPS)?

    This would add more security to this part of the website. I cannot figure out how to change the .js file in this case.
    As your cookie solution is implemented in JS, the HttpOnly flag cannot be set :(. Maybe you can change this later with an essential security update 4.5 :), where I can configure many security settings.

    • This topic was modified 6 years, 5 months ago by Pako.
    #970755

    Hey Pako,

    Please elaborate – what do you mean by “I can not figure out, how to change the .js file in this case.”
    Which JS file do you want to modify?

    Best regards,
    Dude

    #970777

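    Found the solution. If your site is served over SSL (HTTPS), you can stop the browser from sending the cookie over a connection without SSL. Note that the Secure flag only restricts transport; the cookie remains readable by scripts on the page. Change your “avia-snippet-cookieconsent.js” file in the theme's js folder as follows: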

    (function($) {
    
        "use strict";
    
        $(document).ready(function() {
    	
    //You can give the Cookie a name here.
            // Reveal the consent bar when aviaGetCookie reports no matching consent cookie.
            var consentGiven = aviaGetCookie('W32CookieConsent');
            if (!consentGiven) {
                $('.avia-cookie-consent').removeClass('cookiebar-hidden');
            }

            // Close button: remember the consent, then hide the bar.
            $('.avia-cookie-close-bar').on('click', function(clickEvent) {
                // The third argument is the cookie lifetime in days (30 here).
                aviaSetCookie('W32CookieConsent', $(this).attr('data-contents'), 30);

                $('.avia-cookie-consent').addClass('cookiebar-hidden');

                clickEvent.preventDefault();
            });

            // Info button: open the extra-info element in the lightbox when the
            // theme's popup defaults are available, otherwise tell the user why not.
            if (!$.avia_utilities.av_popup) {
                $('.avia-cookie-info-btn').on('click', function(clickEvent) {
                    alert('Default Lightbox must be activated for this feature to work');
                    clickEvent.preventDefault();
                });
            } else {
                // Theme defaults first, then the inline-popup settings on top of them.
                var popupSettings = $.extend({}, $.avia_utilities.av_popup, {
                    type: 'inline',
                    // Allow opening the popup on middle mouse click; keep this true
                    // when no alternative source is provided in href.
                    midClick: true,
                    items: {
                        src: '#av-consent-extra-info',
                        type: 'inline'
                    }
                });
                $('.avia-cookie-info-btn').magnificPopup(popupSettings);
            }
    //Set the cookie with the Secure flag
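            /**
             * Write a site-wide (path=/) cookie that the browser only sends over HTTPS.
             *
             * @param {string} CookieName  Name of the cookie.
             * @param {string} CookieValue Value, written as-is (not encoded).
             * @param {number} [CookieDays] Lifetime in days; when falsy no expiry is
             *                              written, so the cookie lasts for the session.
             */
            function aviaSetCookie(CookieName,CookieValue,CookieDays) {
                var expires = "";
                if (CookieDays) {
                    var date = new Date();
                    date.setTime(date.getTime()+(CookieDays*24*60*60*1000));
                    // toUTCString() replaces the deprecated toGMTString(); the output is the same.
                    expires = "; expires="+date.toUTCString();
                }
                // NOTE(review): the value is concatenated unencoded, so a ';' inside it
                // would be parsed as extra cookie attributes. Keep the value free of
                // ';', ',' and whitespace, or encode it here and decode it in the reader.
                //
                // "secure"       - the cookie is only sent over HTTPS. Modern browsers
                //                  refuse to store a Secure cookie set from a plain-HTTP
                //                  page, so this only works on an HTTPS site.
                // "SameSite=Lax" - the cookie is not attached to cross-site subrequests.
                // HttpOnly cannot be set through document.cookie; only a server-sent
                // Set-Cookie header can add it.
                document.cookie = CookieName+"="+CookieValue+expires+"; path=/; secure; SameSite=Lax";
            }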
    
            /**
             * Look up a cookie by name and return its value only when it equals the
             * consent bar's current data-contents attribute.
             *
             * @param {string} CookieName Name of the cookie to look for.
             * @returns {?string} The stored value on a match, otherwise null.
             */
            function aviaGetCookie(CookieName) {
                var prefix = CookieName + "=";
                var pairs = document.cookie.split(';');
                var idx, entry, expected, stored;

                for (idx = 0; idx < pairs.length; idx += 1) {
                    // Entries after the first carry leading spaces from the "; " separator.
                    entry = pairs[idx].replace(/^ +/, '');

                    // Only an entry that begins with "<name>=" belongs to this cookie.
                    if (entry.lastIndexOf(prefix, 0) !== 0) {
                        continue;
                    }

                    expected = $('.avia-cookie-close-bar').attr('data-contents');
                    stored = entry.slice(prefix.length);

                    // A stored value that differs from the current data-contents is
                    // treated like a missing cookie.
                    if (stored === expected) {
                        return stored;
                    }
                }
                return null;
            }
    
        });
    
    })( jQuery );
    
    • This reply was modified 6 years, 5 months ago by Pako.
    #970846

    Hi,

    Great, glad you found the code you were looking for!

    Best regards,
    Dude

  • The topic ‘Cookie Secure’ is closed to new replies.