Skip to:
Content
Pages
Categories
Search
Top
Bottom

cookie bp-activity-oldestpage “httponly” and or “Secure”


  • w3dzign
    Participant

    @w3dzign

    Hello we want to set secure and http only this cookie we set all the cookies secure and httponly but this cookie we cant hope you can help us

Viewing 3 replies - 1 through 3 (of 3 total)

  • Paul Wong-Gibbs
    Keymaster

    @djpaul

    Hi

    Good question. You can’t without making changes to the BuddyPress files, which we wouldn’t recommend. This is a great idea for a feature enhancement so I’ve gone ahead and opened a ticket. We’ll have it fixed for BuddyPress 2.6 (I’m working on the patch right now).

    Thanks for the suggestion!


    Paul Wong-Gibbs
    Keymaster

    @djpaul

    See https://buddypress.trac.wordpress.org/ticket/6961

    I’ve added Secure cookie support, but not HttpOnly because some (maybe all) are accessed with Javascript; I haven’t time to audit all the cookies in that level of detail at the moment, so maybe we can do that in the future if someone helps investigate.


    w3dzign
    Participant

    @w3dzign

    well we are making changes to the core of buddypress because in the settings of the profile user you can change the password but we have a plugin for policies about the password and we want to only use this for change the password

    this is another tip for future versions of BP that you can use the core of the change password and not the BP

    so dont worry if you tell me where is located this cookie we can set secure an make some test in the weekends because our site start to be auditing by third part with acunetix and they found some vulnerabilities maybe you can use this for audit the BP we are using BP and WPLMS template

    Thnaks for the reply Paul

Viewing 3 replies - 1 through 3 (of 3 total)
  • You must be logged in to reply to this topic.
Skip to toolbar