Tagged: 

Viewing 4 posts - 1 through 4 (of 4 total)
  • Author
    Posts
  • #970502

    Hey, how can we set the cookie to

    secure (so the cookie is only transferred via https).

    To add more security to this part of website. I can not figure out, how to change the .js file in this case.
    As your cookie solution is via js, the HttpOnly tag could not be set :(. Maybe you change this later with an essential secuity update 4.5 :). Where i can set up many security parts.

    • This topic was modified 6 years, 6 months ago by Pako.
    #970755

    Hey Pako,

    Please elaborate – what do you mean with “I can not figure out, how to change the .js file in this case.”
    Which JS file do you want to modify?

    Best regards,
    Dude

    #970777

    Found out the Solution. If you use an SSL Encrypted site. You may prevent the browser to access the cookie without ssl. You can change your “avia-snippet-cookieconsent.js” file in the themes js folder as following:

    (function($) {
    
        "use strict";
    
        $(document).ready(function() {
    	
    //You can give the Cookie a name here.
            if (! aviaGetCookie('W32CookieConsent')){
                $('.avia-cookie-consent').removeClass('cookiebar-hidden');
            }
    
    		//close btn
            $('.avia-cookie-close-bar').on('click', function(e) {
    //Set here how long it will be stored in days, here 30 days
                var cookieContents = $(this).attr('data-contents');
                aviaSetCookie('W32CookieConsent',cookieContents,30);
    
                $('.avia-cookie-consent').addClass('cookiebar-hidden');
                
                e.preventDefault();
            });
            
            //info btn
            if($.avia_utilities.av_popup)
            {
    	        var new_options = {
    				type:'inline',
    				midClick: true, // Allow opening popup on middle mouse click. Always set it to true if you don't provide alternative source in href.
    				items:{
    					src: '#av-consent-extra-info',
    					type:'inline',	
    				}
    			};
    			
    			new_options = $.extend({}, $.avia_utilities.av_popup, new_options);
    	        $('.avia-cookie-info-btn').magnificPopup(new_options);
    		}
    		else
    		{
    			$('.avia-cookie-info-btn').on('click', function(e) {
                alert('Default Lightbox must be activated for this feature to work');
                e.preventDefault();
            });
    		}
    //Setze Cookie mit Secure Flag
            function aviaSetCookie(CookieName,CookieValue,CookieDays) {
                if (CookieDays) {
                    var date = new Date();
                    date.setTime(date.getTime()+(CookieDays*24*60*60*1000));
                    var expires = "; expires="+date.toGMTString();
                }
    //Advices the browser to store with the secure flag. So communication with the cookie is allowed only via ssl
                else var expires = "";
                document.cookie = CookieName+"="+CookieValue+expires+"; path=/; secure";
            }
    
            function aviaGetCookie(CookieName) {
                var docCookiesStr = CookieName + "=";
                var docCookiesArr = document.cookie.split(';');
    
                for(var i=0; i < docCookiesArr.length; i++) {
                    var thisCookie = docCookiesArr[i];
    
                    while (thisCookie.charAt(0)==' ') {
                        thisCookie = thisCookie.substring(1,thisCookie.length);
                    }
                    if (thisCookie.indexOf(docCookiesStr) == 0) {
                        var cookieContents = $('.avia-cookie-close-bar').attr('data-contents');
                        var savedContents = thisCookie.substring(docCookiesStr.length,thisCookie.length);
                        if (savedContents == cookieContents) {
                            return savedContents;
                        }
                    }
                }
                return null;
            }
    
        });
    
    })( jQuery );
    
    • This reply was modified 6 years, 6 months ago by Pako.
    #970846

    Hi,

    Great, glad you found the code you were looking for!

    Best regards,
    Dude

Viewing 4 posts - 1 through 4 (of 4 total)
  • The topic ‘Cookie Secure’ is closed to new replies.