Newbie is back and learning all this great stuff.

I read this has been an issue in the past, but i just cant get around it. It is trustwave. They are flagging the limesurvey for using nonssl cookies. I have modified the config.php

With secure ===> true

i set:

http only is set to true then reboot - no change;

httponly set to false ; then reboot - no change


But it does not seem to help Trustwave detects insecure cookies.

limesurvey version 3.16.1+190314

Any other suggestion?

I have more information from another scanning tool. It seems that secure cookies in the config.php is being applied. But another issue came up. see attached.

thanks

The second cookies is www.limesurvey.org/manual/Optional_settings#Request_settings , you can update it in your config.php

Same for Same site flag : www.limesurvey.org/manual/Optional_setti...ther_sessions_update

You can report as a feature/fix to be by default.