Score:1

How do I change the "secure" and "httpOnly" attributes of the cookies provided by the EU Cookie Compliance module?

ec flag

I am using the eu cookie compliance module in Drupal 9 and I need to change the "secure" and "httpOnly" values of the cookies, as I am getting a vulnerability error "CWE-614: Sensitive Cookie in HTTPS Session Without 'Secure' Attribute". I have tested from the settings.php using the following code:

ini_set('session.cookie_secure', 1);

However it didn't work, I also tried with some modules but it didn't work either. enter image description here

id flag
What is the Drupal version? What module produces those cookies?
Juan Carlos Osorio avatar
ec flag
I am using drupal 9
id flag
Which module produces those cookies? You did not say that in the question. I am downvoting the question until you add that information.
Juan Carlos Osorio avatar
ec flag
I am using the eu cookie compliance module
id flag
Please add that information to the Question. Also, for what it's worth, those are not PHP session cookies so `ini_set('session.cookie_secure', 1)` will not do anything to change these cookies..
Juan Carlos Osorio avatar
ec flag
Oh okay I understand
Score:1
id flag

By looking over the 8.x-1.x branch of that module, what you are asking seems to be unsupported there. It sets cookies like:

cookies.set(cookieName, status, { path: path, domain: domain, sameSite: 'strict' });

However, cookies.set supports all the possible options.

So the answer to this question is: Open a feature request with the module maintainers, or patch the files in the js directory, or both.

Juan Carlos Osorio avatar
ec flag
wow thank you very much my friend
id flag
Please accept the answer.
mangohost

Post an answer

Most people don’t grasp that asking a lot of questions unlocks learning and improves interpersonal bonding. In Alison’s studies, for example, though people could accurately recall how many questions had been asked in their conversations, they didn’t intuit the link between questions and liking. Across four studies, in which participants were engaged in conversations themselves or read transcripts of others’ conversations, people tended not to realize that question asking would influence—or had influenced—the level of amity between the conversationalists.