I have received a report regarding the issues with the cookies not being stored securely. I'm not sure if it is required, but just checking as if it does, is there a way to enable it or push it through the next update if it is a security risk
#The panels does not use HTTPS cookies
round stone
winged mulchBOT
There are many ways to add SSL to your site. A simple solution is to use certbot from let’s encrypt. cerbot will automatically install the certificates for you and keep your SSL certs up to date!
sudo apt-get update
sudo apt-get install python-certbot-nginx
sudo certbot --nginx -d yourdomain.com```Apparently it could be intercepted and then logged into someone else's account.
More can be asked from the user: 467563930114457601
@rigid dew
paper jay
- Check if u have ssl installed correctly
- Check, if APP_URL in the .env starts with https://
round stone
okay
round stone
APP_URL starts with https://
it is also using ssl
i got an upset stomach so if i dont reply then im having some biological issues
round stone
should this be a concern?
round stone
ping me if you got a reply
inner knot
config/session.php
/*
|--------------------------------------------------------------------------
| HTTPS Only Cookies
|--------------------------------------------------------------------------
|
| By setting this option to true, session cookies will only be sent back
| to the server if the browser has a HTTPS connection. This will keep
| the cookie from being sent to you if it can not be done securely.
|
*/
'secure' => true,
or
SESSION_SECURE_COOKIE=true
In .env file
@round stone
round stone
ok thank you
SESSION_SECURE_COOKIE is not found in .env but the session.php is there
inner knot
SESSION_SECURE_COOKIE is not found in .env but the session.php is there
U need to add manually
but on deafult it's not added
round stone
oh okay