jasonborden Posted October 3, 2014 Share Posted October 3, 2014 We want our users to send WHMCS's cookies only when using https. Is there a way to make WHMCS set its cookies with the secure attribute? Thanks, Jason 0 Quote Link to comment Share on other sites More sharing options...
Alex - Arvixe Posted October 3, 2014 Share Posted October 3, 2014 Hopefully I am understanding you correctly with this answer but if not, can you elaborate? You can force HTTPS for your WHMCS so you don't have to worry about anything being sent over HTTP. Check out this thread: http://forums.whmcs.com/showthread.php?44555-How-to-force-SSL-on-all-of-WHMCS-(admin-and-client)&highlight=https 0 Quote Link to comment Share on other sites More sharing options...
jasonborden Posted October 3, 2014 Author Share Posted October 3, 2014 Sorry, I'll try to elaborate the issue a bit more: A person goes to our website and logs in. The person then receives multiple WHMCS cookies, some of which might have sensitive information. The same person later accesses our web site via http instead of https. Since the WHMCS cookies are not marked secure, they will be sent with the request. A 3rd party between this person and our server can then obtain the person's WHMCS cookies. We want to prevent that from happening which can be done if the cookies are marked with the secure attribute. 0 Quote Link to comment Share on other sites More sharing options...
TekStorm Inc - James Posted October 4, 2014 Share Posted October 4, 2014 Specifically, I'd assume he's referencing cookie_secure? 0 Quote Link to comment Share on other sites More sharing options...
Recommended Posts
Join the conversation
You can post now and register later. If you have an account, sign in now to post with your account.