Where is the "secure" tag in the Magento cookie on a secure SSL site?

Our site is secured by an SSL site, and the Magento 'secure' and 'unsecure' URL variables point to the https:// URL. However, a PCI check showed that cookies were not safe. They want to see a "safe" keyword when cookies are created using Set-Cookies in the page header.

I see Magento using this function in \shop\app\code\core\Mage\Core\Model\Cookie.php

    if (is_null($secure)) {
        $secure = $this->isSecure();
    }
    if (is_null($httponly)) {
        $httponly = $this->getHttponly();
    }
    setcookie($name, $value, $expire, $path, $domain, $secure, $httponly);

but I'm not sure where the value of isSecure() comes from and why it does not contain the text "secure"?

SetCookie in page title:

 frontend=sj4j9kltv7nc00gk8s0i81koi3; expires=Thu, 06-Nov-2014 23:39:11 GMT; path=/; domain=www.mydomaine.com; HttpOnly" 
1 answer

Magento sets secure cookies only for the admin, try setting http://www.magentocommerce.com/magento-connect/secure-frontend-cookie.html , it should help :)

If this does not help, simply override the isSecure model from Mage_Core_Model_Cookie, the method:

    public function isSecure()
    {
        return $this->_getRequest()->isSecure();
    }
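A check for the attribute the PCI scan looks for, as an added example that is not part of the original question or answer: it parses Set-Cookie values and reports cookies that lack Secure or HttpOnly. The function names are illustrative, and the second sample header (the question's cookie with `secure` added) is constructed.

```python
"""Audit Set-Cookie header values for the Secure and HttpOnly attributes."""

# Constructed sample input: the first value is the header quoted in the
# question; the second is the same cookie with the Secure attribute added,
# which is what the scan expects to see once the frontend cookie is fixed.
SAMPLE_HEADERS = [
    "frontend=sj4j9kltv7nc00gk8s0i81koi3; expires=Thu, 06-Nov-2014 23:39:11 GMT; "
    "path=/; domain=www.mydomaine.com; HttpOnly",
    "frontend=sj4j9kltv7nc00gk8s0i81koi3; expires=Thu, 06-Nov-2014 23:39:11 GMT; "
    "path=/; domain=www.mydomaine.com; secure; HttpOnly",
]


def parse_set_cookie(header_value):
    """Split one Set-Cookie value into (name, value, attributes).

    Attribute names are case-insensitive, so they are lower-cased. Flag
    attributes (Secure, HttpOnly) carry no '=' and are stored as True.
    Splitting on ';' only keeps the comma inside the expires date intact.
    """
    parts = [p.strip() for p in header_value.split(";") if p.strip()]
    name, _, value = parts[0].partition("=")
    attrs = {}
    for part in parts[1:]:
        key, sep, val = part.partition("=")
        attrs[key.strip().lower()] = val.strip() if sep else True
    return name.strip(), value.strip(), attrs


def audit(header_values, required=("secure", "httponly")):
    """Return a list of (cookie_name, [missing attributes]) for failures."""
    findings = []
    for header_value in header_values:
        name, _, attrs = parse_set_cookie(header_value)
        # Presence of the attribute name is what counts, whatever its value.
        missing = [flag for flag in required if flag not in attrs]
        if missing:
            findings.append((name, missing))
    return findings


if __name__ == "__main__":
    for header_value in SAMPLE_HEADERS:
        result = audit([header_value])
        print(result if result else "OK: Secure and HttpOnly present")
```

Feed it the Set-Cookie values captured from an HTTPS response of the storefront before and after the change to confirm the frontend cookie now carries the attribute.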

Source: https://habr.com/ru/post/1206381/

