| ||||||||||
Shopping cart software Solutions for online shops and malls | ||||||||||
|
X-Cart Home | FAQ | Forum rules | Calendar | Mark Forums Read | User manuals | Login |
Errors with XC5 Cookie settings when an XC5 store is HTTPS only | |||
|
|
Thread Tools | Search this Thread |
#1
|
|||||||
|
|||||||
Errors with XC5 Cookie settings when an XC5 store is HTTPS only
All of our store setups are 100% https only and have been since day 1 with XC5. On the server side, this is via permanent SEO-safe 301 redirects from HTTP to HTTPS but also, the XC5 https://*.*/admin.php?target=https_settings page and Redirect customers to HTTPS flag is set to YES. All of this is fine, it works and there's no issues here. The small issue is the XC5 cookie setting...
If the Redirect customers to HTTPS flag is set to YES by Admin, then by default, the XC5 cookie should include a Secure flag designed to protect cookies against their accidental transmission over HTTP. Okay, it's technically impossible in our case, especially with HSTS in place too...but the lack of the Secure flag in the cookie is brought up as an error, on every single test site you may care to use. This is correct as it's contradictory in terms of setup flags. This doesn't impede trading, but as far as we can see, this hasn't already been noticed / tested / added previously by XC so technically it's another very small bug, but moving forward positively, why can't this simply be added in the next XC5 upgrade? Especially as all other cookie directives have been comfortably met by XC5 already and have been for some time now (see below) Quote:
__________________
Dev Store & Live Store XC Business 5.4.1.35 Server; Ubuntu 22.04.2 LTS (HWE 6.2.0.26.26 Kernel)) / Plesk Obsidian Nginx 1.20.4 / Apache 2.4.52 (Ubuntu Backported) / MariaDB 10.11.4 / PHP 7.4.33 |
|||||||
#2
|
|||||||||
|
|||||||||
Re: Errors with XC5 Cookie settings when an XC5 store is HTTPS only
I've forwarded this information to the XC5 dev team.
__________________
Alex Solovev, Qualiteam --- User manual Video tutorials X-Cart FAQ You are welcome to press "Thanks" button if you find this post useful Click here to learn how to apply patches X-Cart Extensions |
|||||||||
|
#3
|
|||||||
|
|||||||
Re: Errors with XC5 Cookie settings when an XC5 store is HTTPS only
Quote:
We've checked it, double checked it, independently tested it and it's all good.
__________________
Dev Store & Live Store XC Business 5.4.1.35 Server; Ubuntu 22.04.2 LTS (HWE 6.2.0.26.26 Kernel)) / Plesk Obsidian Nginx 1.20.4 / Apache 2.4.52 (Ubuntu Backported) / MariaDB 10.11.4 / PHP 7.4.33 |
|||||||
|
|
Thread Tools | Search this Thread |
|
|
|
|||
X-Cart forums © 2001-2020
|