• Resolved eitanc

    (@eitanc)


    Hello,

    I set the cookie security to use all 3 options – secure, httponly and samesite.
    When doing a login to /wp-admin – WordPress sets two cookies, wp-settings-2 and wp-settings-time-2 – but both get only the “secure” option, missing the httponly and samesite.

    Can you look into this?

    Thanks!

Viewing 2 replies - 1 through 2 (of 2 total)
  • Plugin Author Dimitar Ivanov

    (@zinoui)

    The settings from the Cookie Security page affect only session cookies created through PHP.
    Both cookies you’ve mentioned above are set in 2 places:
    – wp-includes/option.php (lines: 961-963) e.g. they are not “session” cookies
    – wp-includes/utils.js (line: 188) e.g. it’s a javascript cookie

    Thread Starter eitanc

    (@eitanc)

    Got it, thanks.


The topic ‘httponly not set for wp-admin cookies’ is closed to new replies.
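
To see which cookies in a login response carry the three attributes discussed in this thread, the `Set-Cookie` headers can be audited directly. This is an added example, not part of the original posts or the plugin's code; the header values are constructed sample data, and `PHPSESSID` (PHP's default session cookie name) is assumed for the session cookie.

```javascript
// Added example: report which security attributes each Set-Cookie header lacks.
const REQUIRED = ["secure", "httponly", "samesite"];

// Parse one Set-Cookie header value into its cookie name and a
// lower-cased attribute map (flag attributes map to an empty string).
function parseSetCookie(header) {
  const parts = header.split(";").map((p) => p.trim()).filter(Boolean);
  const first = parts.shift() || "";
  const eq = first.indexOf("=");
  const name = eq === -1 ? first : first.slice(0, eq);
  const attrs = new Map();
  for (const part of parts) {
    const i = part.indexOf("=");
    const key = (i === -1 ? part : part.slice(0, i)).trim().toLowerCase();
    attrs.set(key, i === -1 ? "" : part.slice(i + 1).trim());
  }
  return { name, attrs };
}

// Map each cookie name to the list of required attributes it is missing.
function auditCookies(headers) {
  const report = {};
  for (const header of headers) {
    const { name, attrs } = parseSetCookie(header);
    report[name] = REQUIRED.filter((attr) => !attrs.has(attr));
  }
  return report;
}

// Names of cookies that lack at least one required attribute.
function unprotectedCookies(headers) {
  const report = auditCookies(headers);
  return Object.keys(report).filter((name) => report[name].length > 0);
}

// Constructed sample headers modelled on the behaviour reported in the thread:
// the PHP session cookie gets all three attributes, the wp-settings cookies
// only get "secure".
const SAMPLE_HEADERS = [
  "PHPSESSID=constructedvalue; path=/; secure; HttpOnly; SameSite=Strict",
  "wp-settings-2=mfold%3Do; expires=Wed, 01 Jan 2025 00:00:00 GMT; path=/; secure",
  "wp-settings-time-2=1700000000; expires=Wed, 01 Jan 2025 00:00:00 GMT; path=/; secure",
];

console.log(auditCookies(SAMPLE_HEADERS));
```

A cookie written from script through `document.cookie` never appears in a `Set-Cookie` header and cannot carry HttpOnly at all, so those have to be checked in the browser's cookie store instead.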