留言板

Cookie without secure flag

Pankaj Kumar,修改在6 年前。

Cookie without secure flag

Regular Member 帖子: 101 加入日期: 14-7-27 最近的帖子
Hi All,

Please tell me how we can make Liferay in build cookies secure.While scanning our application using security tool its show Liferay in build cookies are insecure e.g GUEST_LANGUAGE_ID.

Does Liferay provide any property to make these in build property secure.

Thanks & Regards,
Pankaj Semwal
thumbnail
Samuel Kong,修改在6 年前。

RE: Cookie without secure flag

Liferay Legend 帖子: 1902 加入日期: 08-3-10 最近的帖子
Are you connecting to the server over HTTPS? Also, what version of Liferay Portal are you using?
Pankaj Kumar,修改在6 年前。

RE: Cookie without secure flag

Regular Member 帖子: 101 加入日期: 14-7-27 最近的帖子
Yes ,We are connecting server using https and using Liferay 6.2 EE version.
thumbnail
Samuel Kong,修改在6 年前。

RE: Cookie without secure flag

Liferay Legend 帖子: 1902 加入日期: 08-3-10 最近的帖子
If you're connecting over https, the secure flag should be on the cookie. Since you're using an EE version, I recommend that you create a support ticket. The Liferay Support team is better equipped to handle issues with the EE version.