@mattab opened this Issue on May 7th 2018 Member

We got a security report piwik_lang Cookie has problem(s) piwik_lang = language%3Dczo1OiJ6aC10dyI7%3A_%xxxxx; Host = OURSITE; Path = / 1. Cookie does not have secure attribute.

-> Let's check and ensure that all our cookies have the Secure flag, when Matomo is used over HTTPS.

@diosmosis commented on July 31st 2018 Member

@mattab checked and the lang & (now unused) auth cookie are both secure if HTTPS is used. The tracker cookies aren't, but I think we want them to be applied regardless of protocol. Closing this.

This Issue was closed on July 31st 2018
Powered by GitHub Issue Mirror