[SOLVED] Setting HttpOnly and Secure on cbrvs cookie

8 years 6 months ago - 8 years 6 months ago #280289 by NFER-ICT
After a recent security penetration test on a website featuring Community Builder and GroupJive, we have been asked to ensure our cookies are set to HttpOnly and also Secure.

The one CB cookie that was highlighted was cbrvs.

Does anyone know if this either can be set, or indeed needs to be set, to HttpOnly and Secure?

Our entire site is already on HTTPS so I understand the Secure setting would work, but I'm afraid I've no idea what information this cookie holds and so have no idea if it even needs to be messed with.

Any advice or information would be a great help and much appreciated.

Dave
Last edit: 8 years 6 months ago by krileon.


8 years 6 months ago #280321 by nant


8 years 6 months ago #280445 by NFER-ICT
Replied by NFER-ICT on topic Setting HttpOnly and Secure on cbrvs cookie
So nobody knows what's in this cookie then?


8 years 6 months ago #280462 by krileon
Replied by krileon on topic Setting HttpOnly and Secure on cbrvs cookie
There are no parameters to set the secure or http only settings for CB's cookies. They're simply antispam cookies and there's no reason to mark them secure or http only. If you still want to set those then you'll have to modify core files, specifically the file below.

libraries/CBLib/CB/Legacy/LegacyComprofilerFunctions.php

You'll need to modify the CBCookie::setcookie usage for cbGetRegAntiSpamInputTag and cbGetAntiSpamInputTag functions.


Kyle (Krileon)
Community Builder Team Member
The following user(s) said Thank You: NFER-ICT


8 years 6 months ago #280489 by NFER-ICT
Replied by NFER-ICT on topic Setting HttpOnly and Secure on cbrvs cookie
That's good to know!

Thanks Kyle, that means there's no further action for me to take on this which is great.

Many thanks

Dave
The following user(s) said Thank You: krileon

