New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Optional secure tracker cookie #11410
Comments
Thanks for the suggestion @kkretsch - I think we'd need a new method in the piwik.js tracker code eg. |
Hi! Can I work on this? |
@dudu84 sure, a pull request would be very welcome |
Hi @mattab! As I am new here I'm little bit lost yet. |
@dudu84 setSecureCookies would set the internal variable to 1, and then in setCookie() you'll check this variable, and if it is set then you set the secure cookie flag |
Note: this feature wasn't working, but this PR hopefully fixes it: #12355 |
This time it is working according to user in the forums. |
I think this topic was discussed years ago, but I do get negativ security points via Mozillas observatory when delivering first party tracking cookies without the secure flag.
I think it should be possible to enable that plag on a per website basis. Most websites I setup are SSL only, a request to non encrypted pages gets redirected to ssl and that ist the recommended canonical url for every page. So I don't need any sharing of session tracking cookies between http and https.
The text was updated successfully, but these errors were encountered: