PCI scan problem with secure session

Quote

Post by lovenatural » Thu Aug 20, 2020 1:22 am

Hello. Does anyone know how to fix this scan problem: Session Cookie Does Not Contain the "Secure" Attribute?
OC 3.3.0.1 on php 7.2, site is fully on https
lovenatural
New member
Posts
45
Joined
Sat Aug 08, 2015 12:04 am
Top

Re: PCI scan problem with secure session

Quote

Post by ADD Creative » Thu Aug 20, 2020 2:32 am

In system/framework.php change.

Code: Select all

setcookie($config->get('session_name'), $session->getId(), ini_get('session.cookie_lifetime'), ini_get('session.cookie_path'), ini_get('session.cookie_domain'));
To.

Code: Select all

setcookie($config->get('session_name'), $session->getId(), ini_get('session.cookie_lifetime'), ini_get('session.cookie_path'), ini_get('session.cookie_domain'), true, true);
In catalog/controller/startup/session.php change.

Code: Select all

setcookie($this->config->get('session_name'), $this->session->getId(), ini_get('session.cookie_lifetime'), ini_get('session.cookie_path'), ini_get('session.cookie_domain'));
To.

Code: Select all

setcookie($this->config->get('session_name'), $this->session->getId(), ini_get('session.cookie_lifetime'), ini_get('session.cookie_path'), ini_get('session.cookie_domain'), true, true);
Instead in true, true you could use ini_get('session.cookie_secure'), ini_get('session.cookie_httponly') if you have configured them to On.

www.add-creative.co.uk

ADD Creative
Guru Member
Posts
5262
Joined
Sat Jan 14, 2012 1:02 am
Location - United Kingdom
Top
Post Reply
Return to “General Support”
Who is online

Users browsing this forum: No registered users and 13 guests