Secure Cookies & Sessions (with Strict, Lax, None samesite)

This plugin applies secure flags to all cookies, including the PHPSESSID session cookie, so that cookies are secure under HTTPS, a common requirement of PCI DSS scanners.

It makes sure your cookies do not leak into HTTP and vice versa.

This is now a requirement for PCI compliance, and Chrome 80 will also require "SameSite=None; Secure" on all cookies - https://github.com/GoogleChromeLabs/samesite-examples

Strict, Lax or None - SameSite Setting
The OCMOD version of this mod is split into 3 different packages: Strict, None and Lax.
Browsers recently changed the default cookie behaviour from None to Lax, which presents some serious issues in specific cases. If you're unsure which version to use, please use the None version.

If you use any third-party redirect, such as a payment gateway that POSTs back to your site, you will need to use the SameSite None package.

Lax
Cookies are allowed to be sent with top-level navigations and will be sent along with GET requests initiated by third-party websites. This is the default value in modern browsers.

Strict
Cookies will only be sent in a first-party context and will not be sent along with requests initiated by third-party websites.

None
Cookies will be sent in all contexts, i.e. sending them cross-origin is allowed.

None used to be the default value, but recent browser versions made Lax the default to provide a reasonably robust defense against some classes of cross-site request forgery (CSRF) attacks.
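
The SameSite behaviour described above, and why a payment gateway that POSTs back needs the None package, shown as an added example (not the plugin's code). It models a cross-site HTTPS request; the function names and Set-Cookie values are constructed for illustration.

```python
# Added example, not the plugin's code. Models the SameSite rules described
# above for a cross-site request; all header values are constructed samples.

SAFE_METHODS = {"GET", "HEAD", "OPTIONS", "TRACE"}


def parse_set_cookie(header):
    """Return (name, attrs) with lower-cased attribute names."""
    first, *rest = [p.strip() for p in header.split(";")]
    attrs = {}
    for part in rest:
        key, _, value = part.partition("=")
        if key:
            attrs[key.strip().lower()] = value.strip()
    return first.split("=", 1)[0], attrs


def sent_cross_site(header, method, top_level):
    """Would a modern browser attach this cookie to a cross-site HTTPS request?"""
    _, attrs = parse_set_cookie(header)
    # A missing SameSite attribute is treated as Lax by modern browsers.
    samesite = attrs.get("samesite", "lax").lower()
    if samesite == "strict":
        return False
    if samesite == "none":
        # SameSite=None is only honoured together with Secure (Chrome 80+).
        return "secure" in attrs
    # Lax: only top-level navigations using a safe method such as GET.
    return top_level and method.upper() in SAFE_METHODS


def audit(header):
    """Findings for a cookie set on an HTTPS response."""
    name, attrs = parse_set_cookie(header)
    findings = []
    if "secure" not in attrs:
        findings.append(f"{name}: missing Secure")
    if attrs.get("samesite", "").lower() == "none" and "secure" not in attrs:
        findings.append(f"{name}: SameSite=None without Secure")
    return findings


# Constructed Set-Cookie values for a hypothetical shop session cookie.
DEFAULT = "PHPSESSID=abc123; path=/; HttpOnly"
LAX = "PHPSESSID=abc123; path=/; Secure; HttpOnly; SameSite=Lax"
STRICT = "PHPSESSID=abc123; path=/; Secure; HttpOnly; SameSite=Strict"
NONE = "PHPSESSID=abc123; path=/; Secure; HttpOnly; SameSite=None"
NONE_INSECURE = "PHPSESSID=abc123; path=/; SameSite=None"
```

Calling `sent_cross_site(LAX, "POST", True)` models the gateway POST back: the session cookie is withheld under Lax and under the browser default, and is sent only with `SameSite=None` plus `Secure`.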

Installation
VQMOD (OC 2.x) - Just drop the xml into your vqmod/xml folder
OCMOD (OC 2.x - 3.x) - install it via the OCMOD interface and that's it!

What customers say about Secure Cookies & Sessions (with Strict, Lax, None samesite)

greensorganic
Great extension and a MUST for all OC websites.
~greensorganic




Price
$30.00

  • Developed by OpenCart Community
  • 1 Month Free Support
  • Documentation Included


Compatibility
2.0.0.0, 2.0.1.0, 2.0.1.1, 2.0.2.0, 2.0.3.1, 2.1.0.1, 2.1.0.2, 2.2.0.0, 2.3.0.0, 2.3.0.1, 2.3.0.2, 3.0.0.0, 3.0.1.1, 3.0.1.2, 3.0.2.0, 4.0.0.0_b, 3.0.3.0, 3.0.3.1, 3.0.3.2, 3.0.3.3, 3.0.3.5, 3.0.3.6, 3.0.3.7

Last Update
23 Feb 2021

Created
19 Aug 2020
25 Sales
12 Comments
webdesires
Member since: 7 Mar 2015
