@anonymous-piwik-user opened this Issue on July 5th 2011


Looking at ticket:409#comment:50

For compability with https pages, the cookie secure flag should be set automatically based on the current URL protocol (in setCookie())

And the follow up, ticket:409#comment:53 I would expect a Piwik install that is only available via https to set the secure cookie flag.

However this doesn't seem to be the case, see for example the cookies that get set on this site: http://www.transitionnetwork.org/

The Piwik server is running 1.5.

Keywords: https secure cookie

@robocoder commented on July 6th 2011 Contributor

First party cookies are associated with the domain of the URL of the document loaded, not where the javascript came from or the Piwik URL.

The behaviour you're expecting can be replicated by using third-party cookies.

@mattab commented on January 29th 2018 Member

Secure cookies is now available in Matomo 3.3.0
-> You can use _paq.push(['setSecureCookie', true]); to enable the secure flag on all tracking cookies.

Learn more: https://developer.matomo.org/api-reference/tracking-javascript

and FAQ: How do I enable Secure cookie flags in all tracking cookies?

This Issue was closed on July 6th 2011
Powered by GitHub Issue Mirror