View Issue Details

Jump to NotesJump to History
This issue affects 1 person(s).
 6
IDProjectCategoryView StatusDate SubmittedLast Update
11362Bug reportsAuthenticationpublic2016-06-09 16:282016-06-10 15:29
Reportergantier Assigned Toc_schmitz  
PrioritynoneSeverityminor 
Status closedResolutionunable to reproduce 
Product Version2.06+ 
Summary11362: Cookie not secure whereas it is configured in config.php
Description

The session cookie doesn't appear "secure" for Chrome (or Firefox, or ...) even if you enabled the associated parameter in config.php.

Steps To Reproduce

1 / Add the following lines in application/config/config.php

           'session' => array (
                    'cookieParams' => array(
                            'secure' => true, // use SSL for cookies
                            'httponly' => true // Cookies may not be used by other protocols - experimental
            )
        ),

2 / Check the session cookie with chrome. Doesn't appear "secure".

TagsNo tags attached.
Attached Files
Capture.PNG (11,616 bytes)   
Capture.PNG (11,616 bytes)   
Bug heat6
Complete LimeSurvey version number (& build)Build Git 160524
I will donate to the project if issue is resolvedNo
BrowserChrome
Database type & versionMySQL 5.5.49
Server OS (if known)Ubuntu 14.04.04 LTS
Webserver software & version (if known)Apache 2.4.7
PHP Version5.5

Users monitoring this issue

gantier

Activities

c_schmitz

c_schmitz

2016-06-09 17:00

administrator   ~39376

Works for me just fine.
Can you quote your whole config (without usnerame/password ofc) ?
You probably inserted it in the wrong location?
gantier

gantier

2016-06-10 14:45

reporter   ~39406

Last edited: 2016-06-10 14:46

See below the whole file :)

<?php if (!defined('BASEPATH')) exit('No direct script access allowed');
/*		 ------------------------------------------------------------------- DATABASE CONNECTIVITY SETTINGS
This file will contain the settings needed to access your database.
For complete instructions please consult the 'Database Connection'
page of the User Guide.
-------------------------------------------------------------------
EXPLANATION OF VARIABLES
-------------------------------------------------------------------
'connectionString' Hostname, database, port and database type for
the connection. Driver example: mysql. Currently supported:
mysql, pgsql, mssql, sqlite, oci
'username' The username used to connect to the database
'password' The password used to connect to the database
'tablePrefix' You can add an optional prefix, which will be added
to the table name when using the Active Record class

*/
return array(
'components' => array(
'db' => array(
'connectionString' => 'mysql:host=localhost;port=3306;dbname=FAKE;',
'emulatePrepare' => true,
'username' => 'FAKE',
'password' => 'FAKE',
'charset' => 'utf8',
'tablePrefix' => '',
),

            // Uncomment the following line if you need table-based sessions
            // 'session' => array (
                    // 'class' => 'system.web.CDbHttpSession',
                    // 'connectionID' => 'db',
                    // 'sessionTableName' => '{{sessions}}',
            // ),

            'urlManager' => array(
                    'urlFormat' => 'path',
                    'rules' => require('routes.php'),
                    'showScriptName' => true,
            ),

    ),
    // Use the following config variable to set modified optional settings copied from config-defaults.php
    'config'=>array(
    // debug: Set this to 1 if you are looking for errors. If you still get no errors after enabling this
    // then please check your error-logs - either in your hosting provider admin panel or in some /logs directory
    // on your webspace.
    // LimeSurvey developers: Set this to 2 to additionally display STRICT PHP error messages and get full access to standard templates
            'debug'=>2,
            'debugsql'=>0, // Set this to 1 to enanble sql logging, only active when debug = 2

            // Set the cookie via SSL
            'session' => array (
                    'cookieParams' => array(
                            'secure' => true, // use SSL for cookies
                            'httponly' => true // Cookies may not be used by other protocols - experimental
            )
        )
    )

);
/ End of file config.php /
/ Location: ./application/config/config.php /
c_schmitz

c_schmitz

2016-06-10 14:48

administrator   ~39407

I needs to be in the components array, not in the config array.
gantier

gantier

2016-06-10 15:09

reporter   ~39413

Yes, indeed :D

Issue History

Date Modified Username Field Change
2016-06-09 16:28 gantier New Issue
2016-06-09 16:28 gantier File Added: Capture.PNG
2016-06-09 16:29 gantier Issue Monitored: gantier
2016-06-09 17:00 c_schmitz Note Added: 39376
2016-06-09 17:00 c_schmitz Assigned To => c_schmitz
2016-06-09 17:00 c_schmitz Status new => feedback
2016-06-10 14:45 gantier Note Added: 39406
2016-06-10 14:45 gantier Status feedback => assigned
2016-06-10 14:46 gantier Note Edited: 39406
2016-06-10 14:48 c_schmitz Note Added: 39407
2016-06-10 15:09 gantier Note Added: 39413
2016-06-10 15:29 c_schmitz Status assigned => closed
2016-06-10 15:29 c_schmitz Resolution open => unable to reproduce
2021-08-12 03:54 guest Bug heat 4 => 6