Level 27
I think they want your site to work on HTTPS only.
You can set it in .htaccess or write a middleware to do that.
Oct 9, 2020
3
Level 5
Set SSL Cookie without Secure Flag set and Cookie Without HTTPOnly Flag Set
I have received security aduit report and they mentioned like below,
set Cookie Without HTTPOnly Flag Set and SSL Cookie without Secure Flag set how can i do this in laravel 5.6 i have updated in session.php file like below, 'secure' => env('SESSION_SECURE_COOKIE', true), but they said it is not done yet.
Level 5
@laracoft website already running with https. i have code to redirect all routes to https in htaccess
Level 27
@deekshith in your config/session.php,
- Set
'encrypt' => true - Check that
'http_only' => true, but this is already Laravel's default.
Please or to participate in this conversation.