Important

You are browsing the documentation for version 3.1 of OroCommerce, OroCRM and OroPlatform, which is no longer maintained. Read version 5.1 (the latest LTS version) of the Oro documentation to get up-to-date information.

See our Release Process documentation for more information on the currently supported and upcoming releases.

Protect Cookies

If the application is configured to be used via SSL connection, you may want to protect the application cookies, too.

Cookies are protected with Secure and HttpOnly flags.

You can manually set this parameters for each cookie via the configuration or reconfigure your web sever to add the secure flag by the server.

Reconfigure Apache Web Server

To configure Apache web server:

  • Enable mod_headers.so in the Apache HTTP server configuration file;

  • In the configuration of your virtual domain, add:

    Header edit Set-Cookie ^(.*)$ $1;Secure
    
  • Restart the web server.