[ic] Cookie Does Not Contain The "secure" Attribute

Stefan Hornburg (Racke) racke at linuxia.de
Thu Dec 17 07:44:07 UTC 2015

On 12/17/2015 02:41 AM, DB wrote:
> Howdy. PCI scanner complains about "Cookie Does Not Contain The "secure"
> Attribute" even though I 301 all http requests to https. Is there an
> existing/easy way to add this "secure" attribute to my site's cookies?

Secure attribute:


MV_PASSWORD cookie will have the secure flag, but not the other cookies
if I read the source correctly.

You can enable httponly attribute:

 Pragma set_httponly


Perl and Dancer Development

Visit our Perl::Dancer conference 2015.
More information on https://www.perl.dance.

More information about the interchange-users mailing list