Results 1 to 3 of 3

Thread: "Secure" Attribute

  1. #1
    Join Date
    Mar 2008
    Location
    Langhorne, PA USA
    Posts
    3
    Thanks
    0
    Thanked 0 Times in 0 Posts

    Default "Secure" Attribute

    I tried posting this on the DD scripts forum and received no feedback, so I figured I'd try the javascript experts.

    1) Script Title: Switch Menu

    2) Script URL (on DD): http://www.dynamicdrive.com/dynamici...switchmenu.htm

    3) Describe problem: I'm running this script on my web site (www.keyhealthcaresolutions.com). I run SSL and nightly ScanAlert scans to check for vulnerabilities. I'm receiving a level 1 report which I am 99% sure is because of the JavaScript - "Missing Secure Attribute in an Encrypted Session (SSL) Cookie."

    It looks like I need to set the "secure attribute" for the cookie, and I cannot figure out how to do that. I tried to add "Secure" where it made sense (var cookievalue=(persisttype=="sitewide")? blockid+";path=/;Secure" : blockid), and I tried (var cookievalue=(persisttype=="sitewide")? blockid+";path=/;Secure=True" : blockid), but neither seems stops the errors.

    Can I set the secure attribute, and how can I do that?

  2. #2
    Join Date
    Mar 2008
    Posts
    3
    Thanks
    0
    Thanked 0 Times in 0 Posts

    Default

    As far as i can tell, (var cookievalue=(persisttype=="sitewide")? blockid+";path=/;Secure" : blockid) is the correct way to do it.. "Secure" might be case sensitive, though (stranger things have happened). Have you tried all lowercase?

  3. #3
    Join Date
    Mar 2008
    Location
    Langhorne, PA USA
    Posts
    3
    Thanks
    0
    Thanked 0 Times in 0 Posts

    Default

    I tried "Secure" and "secure=true", but not "secure". I will give this a try. Thanks.

Bookmarks

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •