Web Application Cookies Lack Secure Flag

tarta

Verified User
Joined
Jan 31, 2018
Messages
81
Hi,
I've scanned my server and the result shows "Web Application Cookies Lack Secure Flag"
The following cookie does do not have the Secure cookie flag:
Cookie name: pma_lang, Path: /phpMyAdmin/, Secure Flag: 0
Cookie name: phpMyAdmin, Path: /phpMyAdmin/, Secure Flag: 0
what and where do I need to change to fix it?
thanks
 
Last edited by a moderator:
Hello,

I've merged your two threads into one. Please do not double-post.

I've tested on my end and I see:

Code:
# curl -i -s https://$(hostname -f)/phpMyAdmin/ | head -24 | grep set-cookie
set-cookie: pma_lang=en; expires=Fri, 08-Mar-2019 17:28:17 GMT; Max-Age=2592000; path=/phpMyAdmin/; secure; HttpOnly
set-cookie: phpMyAdmin=qklegr9uo7hnejogljh9odso8e; path=/phpMyAdmin/; secure; HttpOnly

See it has: secure; HttpOnly

Is your server fully updated?
 
Hi Alex,
1) Sorry for the duplicate.
2) running curl -i -s https://$(hostname -f)/phpMyAdmin/ | head -24 | grep set-cookie gives the following:

root@ds:~# curl -i -s https://$(hostname -f)/phpMyAdmin/ | head -24 | grep Set-Cookie
Set-Cookie: pma_lang=en; expires=Fri, 08-Mar-2019 19:24:37 GMT; Max-Age=2592000; path=/phpMyAdmin/; secure; HttpOnly
Set-Cookie: phpMyAdmin=km0lj02g0e95bnv9l4steepdo3; path=/phpMyAdmin/; secure; HttpOnly

and still https://scanmyserver.com/ shows:
The following cookie does do not have the Secure cookie flag:
Cookie name: pma_lang, Path: /phpMyAdmin/, Secure Flag: 0
Cookie name: phpMyAdmin, Path: /phpMyAdmin/, Secure Flag: 0


3) yes, server is fully updated
 
Never used the service from them, so you might need to contact their support for more details.
 
Back
Top