Loading...
 
Features / Usability

Features / Usability

Forum List Topic List

Forums » Features / Usability » How can I set the secure flag to the PHPSESSIDCV cookie
 
Thread actions
PDF Print this page
  • Print all pages

    • How can I set the secure flag to the PHPSESSIDCV cookie

    Posted by Renkie posts: 2

    I am running TIKI 16.2 on a 2012 R2 IIS server. Everything runs fine but I wanted to set the secure flag to both the cookies that are used.

    PHPSESSID -> I have set this to "secure" by changing the server php.ini (session.cookie_secure = 1)
    PHPSESSIDCV -> I can not seem to find a way to set the secure flag to this cookie.

    Can anyone tell me what the PHPSESSIDCV cookie is used for and if there is a way to enable the secure flag for this cookie aswell?

    In theory I could create a new cookie with the same name and set the secure flag. But since I do not know what the PHPSESSIDCV cookie is used for I would rather find out what the Original PHPSESSIDCV cookie is used for and how I can set the secure flag to it.

    Reads: 709
    Link
    Posted by Renkie posts: 2

    Allright:)

    I decided to post the question because I could not find a way to fix it afther hours and hours....

    And then suddenly I got it fixed, I think

    Tiki-setup-base.php
    Line 218
    Original:
    setcookie($extra_cookie_name, $sequence, time() + 365*24*3600, ini_get('session.cookie_path'));

    Edit:
    setcookie($extra_cookie_name, $sequence, time() + 365*24*3600, ini_get('session.cookie_path'), '', True);

    Earlier in the file extra_cookie_name is set to CV, that is why I could not find the full cookie name (PHPSESSIDCV)

    If there is a better way to get this fixed please reply.

    Link