@DaAwesomeP opened this Issue on December 17th 2013

When I try to setup Piwik, if I have this in my php.ini:

; http://php.net/session.cookie-secure
session.cookie_secure = 1

It causes an error:

Error: it seems you tried to skip a step of the Installation process, or your cookies are disabled, or the Piwik configuration file was already created. 
Make sure your cookies are enabled and go back to the first page of the installation .

Note that the default is set to '0' in the production php.ini example.


Keywords: session,cookie,secure,php,php.ini,setup,config

@anonymous-piwik-user commented on December 20th 2013

Are you connecting to Piwik over SSL? Your URL should start with "HTTPS://" if you are.

According to the PHP docs:
session.cookie_secure specifies whether cookies should only be sent over secure connections. Defaults to off.

That means that PHP will refuse to send cookies to the browser unless your connection is encrypted.

If by chance you're using a load balancer or other proxy setup where the browser connection is SSL-encrypted to the proxy, but the traffic between the proxy and the Piwik server is not, I can help you with that as well, just let me know. My Skype ID is the same as my username here.

@mattab commented on December 25th 2013 Member

If you were not using over SSL as @LyndsySimon suggest please reopen the ticket

@DaAwesomeP commented on December 25th 2013

I am sorry for my inactivity. This must have gotten marked as read in my inbox.

No, I am *not always*\ using HTTPS and never any tunneling. However, I am able to send cookies from PHP perfectly fine with both HTTP and HTTPS whether the setting is on or off. By "not always", I mean that I currently have both HTTP and HTTPS set up on my Apache server. Some pages on my site need the HTTPS and others do not. I usually use Piwik with HTTP since it is an internal website and I'm not worried about any interceptions.

@mattab commented on March 16th 2014 Member

If you use PHP configuration with cookie_secure on and Piwik, please also enable force_ssl setting: http://piwik.org/faq/how-to/faq_91/

Otherwise, Piwik by default does not support cookie_secure setting.

This Issue was closed on March 16th 2014
Powered by GitHub Issue Mirror