learn_press_setcookie causes security test failure

  • Hi folks

    The function learn_press_setcookie is causing one of our clients sites to fail security tests.

    This function has false as the default for $secure and $httponly.

    This is called in lp-user-functions.php on line 1160 in the function learn_press_set_user_cookie_for_guest.

    This overrides our PHP ini settings to force secure and httponly, resulting in the site failing security tests.

    If this can’t be changed, then is it possible to add a hook / filter somewhere around these functions so that we can override this on this particular site?

    Kind regards
    – Perry

Viewing 1 replies (of 1 total)
Viewing 1 replies (of 1 total)
  • The topic ‘learn_press_setcookie causes security test failure’ is closed to new replies.