How do I change the "secure" and "httpOnly" attributes of the cookies provided by the EU Cookie Compliance module?

Juan Carlos Osorio

1/10/24, 7:43 PM

I am using the eu cookie compliance module in Drupal 9 and I need to change the "secure" and "httpOnly" values of the cookies, as I am getting a vulnerability error "CWE-614: Sensitive Cookie in HTTPS Session Without 'Secure' Attribute". I have tested from the settings.php using the following code:

ini_set('session.cookie_secure', 1);

However it didn't work, I also tried with some modules but it didn't work either.

313

1 + 6

cilefen

1/10/24, 8:27 PM

What is the Drupal version? What module produces those cookies?

Juan Carlos Osorio

1/10/24, 8:28 PM

I am using drupal 9

cilefen

1/10/24, 8:30 PM

Which module produces those cookies? You did not say that in the question. I am downvoting the question until you add that information.

Juan Carlos Osorio

1/10/24, 8:31 PM

I am using the eu cookie compliance module

cilefen

1/10/24, 8:34 PM

Please add that information to the Question. Also, for what it's worth, those are not PHP session cookies so `ini_set('session.cookie_secure', 1)` will not do anything to change these cookies..

Juan Carlos Osorio

1/10/24, 8:44 PM

Oh okay I understand

Score:1

Drupal

cilefen

1/10/24, 8:52 PM

By looking over the 8.x-1.x branch of that module, what you are asking seems to be unsupported there. It sets cookies like:

cookies.set(cookieName, status, { path: path, domain: domain, sameSite: 'strict' });

However, cookies.set supports all the possible options.

So the answer to this question is: Open a feature request with the module maintainers, or patch the files in the js directory, or both.

+ 2

Juan Carlos Osorio

1/10/24, 9:05 PM

wow thank you very much my friend

cilefen

1/10/24, 9:19 PM

Please accept the answer.

Elon Musk

I sit in a Tesla and translated this thread with Ai:

EN: How do I change the "secure" and "httpOnly" attributes of the cookies provided by the EU Cookie Compliance module?

Post an answer

Most people don’t grasp that asking a lot of questions unlocks learning and improves interpersonal bonding. In Alison’s studies, for example, though people could accurately recall how many questions had been asked in their conversations, they didn’t intuit the link between questions and liking. Across four studies, in which participants were engaged in conversations themselves or read transcripts of others’ conversations, people tended not to realize that question asking would influence—or had influenced—the level of amity between the conversationalists.