Moodle 3.1.3: Website Adminstration Security Overview

Moodle 3.1.3: Website Adminstration Security Overview

by Monica Franz -
Number of replies: 2

Hi,

while looking at the Security Overview after upgrading to Moodle 3.1.3 from Moodle 2.7.11 the Secure Cookies Status is serious. Eventhough the HTTP security settings are, I think, correct



and wwwroot is HTTPS.

Is just the status text wrong our do I have to change some other settings?

Regards,

Monica


Average of ratings: -
In reply to Monica Franz

Re: Moodle 3.1.3: Website Adminstration Security Overview

by Howard Miller -
Picture of Core developers Picture of Documentation writers Picture of Particularly helpful Moodlers Picture of Peer reviewers Picture of Plugin developers

Moving to Security and privacy forum...

Average of ratings: -
In reply to Monica Franz

Re: Moodle 3.1.3: Website Adminstration Security Overview

by John Okely -

Secure cookies only works when HTTPS for logins is turned off. You must use HTTPS site-wide in order for secure cookies to work.

Since you are already using HTTPS in your wwwroot, simply uncheck the HTTPS for logins box.


I realise now that this is not clear, we should change the setting name to "Use HTTPS only for logins" and disable it if you are already using HTTPS site wide.

Average of ratings: Useful (2)