Jan Cinert

False positive | Cookie Does Not Contain The "secure" Attribute

Discussion created by Jan Cinert on Nov 5, 2013

#1 Response

 

__utmc=250288278; path=/; domain=agriclub.cz

 

 

Chrome Developer Tools show that the cookie has a secure flag on.

 

More information:

That cookie is created by ga.js script with a secure flag off. After that another script sets the secure flag on.

 

Code excerpt:

<script type="text/javascript">

    var gaJsHost = (("https:" == document.location.protocol) ? "https://ssl." : "http://www.");

    document.write( unescape( "%3Cscript src='" + gaJsHost + "google-analytics.com/ga.js' type='text/javascript'%3E%3C/script%3E" ) );

</script>

<script type="text/javascript" src="/js/jquery/cookies.js"></script>

<script type="text/javascript">

 

 

    try {

        var pageTracker = _gat._getTracker( "x" );

        pageTracker._trackPageview();

 

 

        if( "https:" == document.location.protocol ) {

            Cookies.set( '__utmc', Cookies.get( '__utmc' ),

                    { domain: '.' + window.location.hostname.replace( 'www.', '' ), secure: true } );

        }

 

 

    }

    catch( err ) {

        console.log( err );

    }

</script>

Outcomes