Viewing 4 posts - 1 through 4 (of 4 total)
  • Author
  • #970502

    Hey, how can we set the cookie to

    secure (so the cookie is only transferred via https).

    To add more security to this part of website. I can not figure out, how to change the .js file in this case.
    As your cookie solution is via js, the HttpOnly tag could not be set :(. Maybe you change this later with an essential secuity update 4.5 :). Where i can set up many security parts.

    • This topic was modified 2 years, 2 months ago by  Werk32.

    Hey Pako,

    Please elaborate – what do you mean with “I can not figure out, how to change the .js file in this case.”
    Which JS file do you want to modify?

    Best regards,


    Found out the Solution. If you use an SSL Encrypted site. You may prevent the browser to access the cookie without ssl. You can change your “avia-snippet-cookieconsent.js” file in the themes js folder as following:

    (function($) {
        "use strict";
        $(document).ready(function() {
    //You can give the Cookie a name here.
            if (! aviaGetCookie('W32CookieConsent')){
    		//close btn
            $('.avia-cookie-close-bar').on('click', function(e) {
    //Set here how long it will be stored in days, here 30 days
                var cookieContents = $(this).attr('data-contents');
            //info btn
    	        var new_options = {
    				midClick: true, // Allow opening popup on middle mouse click. Always set it to true if you don't provide alternative source in href.
    					src: '#av-consent-extra-info',
    			new_options = $.extend({}, $.avia_utilities.av_popup, new_options);
    			$('.avia-cookie-info-btn').on('click', function(e) {
                alert('Default Lightbox must be activated for this feature to work');
    //Setze Cookie mit Secure Flag
            function aviaSetCookie(CookieName,CookieValue,CookieDays) {
                if (CookieDays) {
                    var date = new Date();
                    var expires = "; expires="+date.toGMTString();
    //Advices the browser to store with the secure flag. So communication with the cookie is allowed only via ssl
                else var expires = "";
                document.cookie = CookieName+"="+CookieValue+expires+"; path=/; secure";
            function aviaGetCookie(CookieName) {
                var docCookiesStr = CookieName + "=";
                var docCookiesArr = document.cookie.split(';');
                for(var i=0; i < docCookiesArr.length; i++) {
                    var thisCookie = docCookiesArr[i];
                    while (thisCookie.charAt(0)==' ') {
                        thisCookie = thisCookie.substring(1,thisCookie.length);
                    if (thisCookie.indexOf(docCookiesStr) == 0) {
                        var cookieContents = $('.avia-cookie-close-bar').attr('data-contents');
                        var savedContents = thisCookie.substring(docCookiesStr.length,thisCookie.length);
                        if (savedContents == cookieContents) {
                            return savedContents;
                return null;
    })( jQuery );
    • This reply was modified 2 years, 2 months ago by  Werk32.


    Great, glad you found the code you were looking for!

    Best regards,

Viewing 4 posts - 1 through 4 (of 4 total)

The topic ‘Cookie Secure’ is closed to new replies.