Tuesday, 15 July 2014

php - where is 'secure' tag in Magento cookie on SSL secure site? -




Our site is an SSL-secured site, and the Magento 'secure' and 'unsecure' URL variables both point at the https:// URL. A PCI audit indicated the cookies are unsecure. We want to see the 'secure' keyword when cookies are created via Set-Cookie in the page header.

I see Magento uses this function in \shop\app\code\core\Mage\Core\Model\Cookie.php

    if (is_null($secure)) {
        $secure = $this->isSecure();
    }
    if (is_null($httponly)) {
        $httponly = $this->getHttponly();
    }
    setcookie($name, $value, $expire, $path, $domain, $secure, $httponly);

But I am not sure where the value of isSecure() is coming from, and why the cookie does not contain the text 'secure'.

Set-Cookie in the page header:

    frontend=sj4j9kltv7nc00gk8s0i81koi3; expires=Thu, 06-Nov-2014 23:39:11 GMT; path=/; domain=www.mydomaine.com; httponly

Magento sets secure cookies for admin only. Try installing the http://www.magentocommerce.com/magento-connect/secure-frontend-cookie.html module, it should help :)

If that does not help, override isSecure in the Mage_Core_Model_Cookie model with this method:

    public function isSecure()
    {
        // Mark the cookie Secure whenever the current request arrived over HTTPS
        return $this->_getRequest()->isSecure();
    }
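
To confirm the result after changing isSecure(), the Set-Cookie headers can be checked for the flag the PCI audit looks for. The Python check below is an added example, not part of the original question or answer; the function names and the second sample header are constructed for illustration.

```python
# Added example: audit Set-Cookie header values for the Secure and HttpOnly flags.

def parse_set_cookie(header_value):
    """Split one Set-Cookie value into (name, value, attributes dict).

    Attribute names are case-insensitive (RFC 6265), so they are lowercased.
    Flag attributes such as Secure and HttpOnly carry no value and map to True.
    """
    parts = [p.strip() for p in header_value.split(";") if p.strip()]
    if not parts or "=" not in parts[0]:
        raise ValueError("not a Set-Cookie value: %r" % header_value)
    name, _, value = parts[0].partition("=")
    attrs = {}
    for part in parts[1:]:
        key, sep, val = part.partition("=")
        attrs[key.strip().lower()] = val.strip() if sep else True
    return name.strip(), value, attrs


def missing_flags(header_value, required=("secure", "httponly")):
    """Return the required flag attributes absent from one Set-Cookie value."""
    _, _, attrs = parse_set_cookie(header_value)
    return [flag for flag in required if flag not in attrs]


def audit(header_values):
    """Map cookie name -> missing flags, listing only cookies that fail."""
    findings = {}
    for header_value in header_values:
        name, _, _ = parse_set_cookie(header_value)
        gaps = missing_flags(header_value)
        if gaps:
            findings[name] = gaps
    return findings


# Header from the question, plus a constructed one showing the desired result.
FROM_QUESTION = ("frontend=sj4j9kltv7nc00gk8s0i81koi3; expires=Thu, 06-Nov-2014 "
                 "23:39:11 GMT; path=/; domain=www.mydomaine.com; httponly")
CONSTRUCTED_FIXED = FROM_QUESTION.replace("; httponly", "; secure; httponly")

if __name__ == "__main__":
    for cookie, gaps in audit([FROM_QUESTION, CONSTRUCTED_FIXED]).items():
        print("%s is missing: %s" % (cookie, ", ".join(gaps)))
```
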

php magento cookies http-headers
