- This topic has 1 reply, 2 voices, and was last updated 4 years, 6 months ago by
.
Viewing 2 posts - 1 through 2 (of 2 total)
I am trying to strengthen the security of my websites. I have set security policies in my nginx webserver, to promote secure cookies on my websites (using the header add_header Set-Cookie "Path=/; HttpOnly; Secure";).
There is only one cookie now that is never set as secure, it is the __wpdm_client cookie.
If this cookie is set with PHP, it should use the secure=true option (see https://www.php.net/manual/en/function.setcookie.php) when https is detected.
On the server-side, it’s on the programmer to send this kind of cookie only on secure connection (e.g. with respect to $_SERVER[“HTTPS”]).
Viewing 2 posts - 1 through 2 (of 2 total)
The topic "session cookies are never set as secure" is closed to new replies.