New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Check that all Matomo cookies are set with the Secure flag in the UI #12841

Closed

mattab opened this issue May 7, 2018 · 1 comment

Labels

Milestone

Member

mattab commented May 7, 2018

We got a security report piwik_lang Cookie has problem(s) piwik_lang = language%3Dczo1OiJ6aC10dyI7%3A_%xxxxx; Host = OURSITE; Path = / 1. Cookie does not have secure attribute.

-> Let's check and ensure that all our cookies have the Secure flag, when Matomo is used over HTTPS.

The text was updated successfully, but these errors were encountered:

mattab added the c: Security label

mattab added this to the 3.6.0 milestone

sgiehl mentioned this issue

Use secure lang cookie when using https #13104

Merged

diosmosis mentioned this issue

In CliMulti, increase wait time as elapsed run time grows. #13231

Merged

Member

diosmosis commented Jul 31, 2018

@mattab checked and the lang & (now unused) auth cookie are both secure if HTTPS is used. The tracker cookies aren't, but I think we want them to be applied regardless of protocol. Closing this.

diosmosis closed this as completed

GreenReaper mentioned this issue

Upgrade to 3.8.0b4 triggered failure to login without 'session_save_handler = ' #13852

Closed

tom275 mentioned this issue

Check that all Matomo cookies are set with the secure flag #15681

Closed

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment