Current Version: 4.9.1 | Sytist Manual | Common Issues | Feature Requests
How To Secure Website Cookies
M Davis
324 posts
Sat Oct 21, 17 5:15 PM CST
I ran a security check on my website from the 1and1 control panel which provided the following.
"Action recommended
"Secure your cookies
"Your website uses unsecured cookies, which can be read via JavaScript. This could allow an attacker, for example, to more easily access customer data in the current user session.
"In most cases, it is not necessary for web applications to access cookies in the browser. Browsers have a built-in feature which allows you to control whether or not a cookie is accessible. To enable this feature, set up the Http-Only flag in the 'Set-Cookie' response header:
"Set-Cookie: MyCookie=MyValue; path=/; HttpOnly
"If you are using PHP, you can set the flag simply by using the setcookie() function. PHP already sets a session cookie itself – you can influence the behaviour of this by using the session_set_cookie_params() function."
How do I implement the above?
Edited Sat Oct 21, 17 5:15 PM by M Davis
M Davis
Tim - PicturesPro.com
16,207 posts
(admin)
Sun Oct 22, 17 10:12 AM CST
There is no customer information stored in the cookies.
Tim Grissett, DIA - PicturesPro.com
My Email Address: info@picturespro.com
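The two PHP functions named in the quoted scanner message, used in plain PHP, plus a check for cookies that still lack the flag. This is an added example, not Sytist code and not part of either post; the `ui_pref` cookie and the `cookies_missing_httponly()` helper are hypothetical names, and the sample header lines are constructed.

```php
<?php
// Assumption: this runs before any output is sent, in code you control.

// Mark cookies Secure only when the request came in over HTTPS.
$https = !empty($_SERVER['HTTPS']) && $_SERVER['HTTPS'] !== 'off';

// 1. Session cookie: configure it BEFORE session_start().
//    Arguments: lifetime, path, domain, secure, httponly.
//    The same effect is available in php.ini: session.cookie_httponly = 1
session_set_cookie_params(0, '/', '', $https, true);
session_start();

// 2. Any other cookie: the seventh argument of setcookie() is httponly.
setcookie('ui_pref', 'compact', time() + 86400, '/', '', $https, true);

// 3. Check: return the names of cookies whose Set-Cookie line has no HttpOnly.
function cookies_missing_httponly(array $headerLines): array
{
    $missing = [];
    foreach ($headerLines as $line) {
        if (stripos($line, 'Set-Cookie:') !== 0) {
            continue; // not a cookie header
        }
        // Split "name=value; attr; attr=value" into its parts.
        $parts = array_map('trim', explode(';', substr($line, strlen('Set-Cookie:'))));
        $name  = explode('=', array_shift($parts), 2)[0];
        $attrs = array_map('strtolower', $parts);
        if (!in_array('httponly', $attrs, true)) {
            $missing[] = $name;
        }
    }
    return $missing;
}

// Constructed sample headers; on a live page pass headers_list() instead.
$sample = [
    'Content-Type: text/html; charset=UTF-8',
    'Set-Cookie: PHPSESSID=abc123; path=/',
    'Set-Cookie: MyCookie=MyValue; path=/; HttpOnly',
];
print_r(cookies_missing_httponly($sample));
```

A cookie that page JavaScript genuinely needs to read cannot carry HttpOnly, so review what the check reports before changing each cookie.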