Tagged: cookies
-
AuthorPosts
-
June 9, 2018 at 7:18 pm #970502
Hey, how can we set the cookie to
secure (so the cookie is only transferred via https).
To add more security to this part of website. I can not figure out, how to change the .js file in this case.
As your cookie solution is via js, the HttpOnly tag could not be set :(. Maybe you change this later with an essential secuity update 4.5 :). Where i can set up many security parts.- This topic was modified 6 years, 6 months ago by Pako.
June 10, 2018 at 12:25 pm #970755Hey Pako,
Please elaborate – what do you mean with “I can not figure out, how to change the .js file in this case.”
Which JS file do you want to modify?Best regards,
DudeJune 10, 2018 at 3:14 pm #970777Found out the Solution. If you use an SSL Encrypted site. You may prevent the browser to access the cookie without ssl. You can change your “avia-snippet-cookieconsent.js” file in the themes js folder as following:
(function($) { "use strict"; $(document).ready(function() { //You can give the Cookie a name here. if (! aviaGetCookie('W32CookieConsent')){ $('.avia-cookie-consent').removeClass('cookiebar-hidden'); } //close btn $('.avia-cookie-close-bar').on('click', function(e) { //Set here how long it will be stored in days, here 30 days var cookieContents = $(this).attr('data-contents'); aviaSetCookie('W32CookieConsent',cookieContents,30); $('.avia-cookie-consent').addClass('cookiebar-hidden'); e.preventDefault(); }); //info btn if($.avia_utilities.av_popup) { var new_options = { type:'inline', midClick: true, // Allow opening popup on middle mouse click. Always set it to true if you don't provide alternative source in href. items:{ src: '#av-consent-extra-info', type:'inline', } }; new_options = $.extend({}, $.avia_utilities.av_popup, new_options); $('.avia-cookie-info-btn').magnificPopup(new_options); } else { $('.avia-cookie-info-btn').on('click', function(e) { alert('Default Lightbox must be activated for this feature to work'); e.preventDefault(); }); } //Setze Cookie mit Secure Flag function aviaSetCookie(CookieName,CookieValue,CookieDays) { if (CookieDays) { var date = new Date(); date.setTime(date.getTime()+(CookieDays*24*60*60*1000)); var expires = "; expires="+date.toGMTString(); } //Advices the browser to store with the secure flag. So communication with the cookie is allowed only via ssl else var expires = ""; document.cookie = CookieName+"="+CookieValue+expires+"; path=/; secure"; } function aviaGetCookie(CookieName) { var docCookiesStr = CookieName + "="; var docCookiesArr = document.cookie.split(';'); for(var i=0; i < docCookiesArr.length; i++) { var thisCookie = docCookiesArr[i]; while (thisCookie.charAt(0)==' ') { thisCookie = thisCookie.substring(1,thisCookie.length); } if (thisCookie.indexOf(docCookiesStr) == 0) { var cookieContents = $('.avia-cookie-close-bar').attr('data-contents'); var savedContents = thisCookie.substring(docCookiesStr.length,thisCookie.length); if (savedContents == cookieContents) { return savedContents; } } } return null; } }); })( jQuery );
- This reply was modified 6 years, 6 months ago by Pako.
June 10, 2018 at 7:12 pm #970846Hi,
Great, glad you found the code you were looking for!
Best regards,
Dude -
AuthorPosts
- The topic ‘Cookie Secure’ is closed to new replies.