PDA

View Full Version : "Secure" Attribute



dvarner
03-10-2008, 11:49 AM
I tried posting this on the DD scripts forum and received no feedback, so I figured I'd try the javascript experts.

1) Script Title: Switch Menu

2) Script URL (on DD): http://www.dynamicdrive.com/dynamici...switchmenu.htm

3) Describe problem: I'm running this script on my web site (www.keyhealthcaresolutions.com). I run SSL and nightly ScanAlert scans to check for vulnerabilities. I'm receiving a level 1 report which I am 99% sure is because of the JavaScript - "Missing Secure Attribute in an Encrypted Session (SSL) Cookie."

It looks like I need to set the "secure attribute" for the cookie, and I cannot figure out how to do that. I tried to add "Secure" where it made sense (var cookievalue=(persisttype=="sitewide")? blockid+";path=/;Secure" : blockid), and I tried (var cookievalue=(persisttype=="sitewide")? blockid+";path=/;Secure=True" : blockid), but neither seems stops the errors.

Can I set the secure attribute, and how can I do that?

tmdown
03-10-2008, 09:32 PM
As far as i can tell, (var cookievalue=(persisttype=="sitewide")? blockid+";path=/;Secure" : blockid) is the correct way to do it.. "Secure" might be case sensitive, though (stranger things have happened). Have you tried all lowercase?

dvarner
03-10-2008, 09:57 PM
I tried "Secure" and "secure=true", but not "secure". I will give this a try. Thanks.