@tom275 opened this Issue on March 6th 2020

Found out _pk_ref-cookie is not secure, despite setSecureCookies is set. All the other _pk-cookies however are.
A quick look into the javascript code the check for a secure cookie is missing on some other cookies, e. g. CustomDimension, too.
Maybe the check if a cookie needs the secure flag can be moved to the setCookie-function instead of doing it individually for every single cookie.

@tom275 commented on March 6th 2020

Something similar was done in 2018: https://github.com/matomo-org/matomo/issues/12841

This Issue was closed on March 9th 2020
Powered by GitHub Issue Mirror