Title: Insecure cookie
Last modified: May 20, 2021

---

# Insecure cookie

 *  Resolved [sherwin_flight](https://wordpress.org/support/users/sherwin_flight/)
 * (@sherwin_flight)
 * [4 years, 10 months ago](https://wordpress.org/support/topic/insecure-cookie/)
 * I’m getting a warning from my security scanner that the wp_dlm_downloading lacks
   the “secure” flag.
 * Looking at the CookieManager.php file included with the plugin I can see that
   the “httponly” flag is set to true, but the “secure” flag is set to false.
 * Any chance of an update to address this issue?

Viewing 3 replies - 1 through 3 (of 3 total)

 *  [Razvan Aldea](https://wordpress.org/support/users/raldea89/)
 * (@raldea89)
 * [4 years, 10 months ago](https://wordpress.org/support/topic/insecure-cookie/#post-14465317)
 * Hello [@sherwin_flight](https://wordpress.org/support/users/sherwin_flight/) ,
 * If the “secure” flag is set to true the cookie will only be set if a secure connection
   exists. If the server doesn’t have SSL and we set the “secure” flag to true then
   the cookie won’t be set thus triggering some problems with our plugin. I’ll issue
   a ticket to our dev department to see if we can set the “secure” flag based on
   the server’s configuration. If is doable then most probably will end up in a 
   future update, but honestly I can’t give you a time or a time period for that.
 * Kind Regards!
    Razvan
 *  [Miha](https://wordpress.org/support/users/mplusb/)
 * (@mplusb)
 * [4 years, 10 months ago](https://wordpress.org/support/topic/insecure-cookie/#post-14511869)
 * This topic will be marked as resolved as we have an open ticket on GitHub regarding
   this. Please keep in mind that the ‘resolved’ status is only for this support
   thread, not the issue on GitHub.
    You can follow the ticket here: [https://github.com/WPChill/download-monitor/issues/687](https://github.com/WPChill/download-monitor/issues/687)
 *  Thread Starter [sherwin_flight](https://wordpress.org/support/users/sherwin_flight/)
 * (@sherwin_flight)
 * [4 years, 10 months ago](https://wordpress.org/support/topic/insecure-cookie/#post-14511877)
 * Thank you, that’s great to hear. I appreciate that you took the time to check
   into this.

Viewing 3 replies - 1 through 3 (of 3 total)

The topic ‘Insecure cookie’ is closed to new replies.

 * ![](https://ps.w.org/download-monitor/assets/icon-256x256.png?rev=3198936)
 * [Download Monitor](https://wordpress.org/plugins/download-monitor/)
 * [Frequently Asked Questions](https://wordpress.org/plugins/download-monitor/#faq)
 * [Support Threads](https://wordpress.org/support/plugin/download-monitor/)
 * [Active Topics](https://wordpress.org/support/plugin/download-monitor/active/)
 * [Unresolved Topics](https://wordpress.org/support/plugin/download-monitor/unresolved/)
 * [Reviews](https://wordpress.org/support/plugin/download-monitor/reviews/)

## Tags

 * [cookie](https://wordpress.org/support/topic-tag/cookie/)

 * 3 replies
 * 3 participants
 * Last reply from: [sherwin_flight](https://wordpress.org/support/users/sherwin_flight/)
 * Last activity: [4 years, 10 months ago](https://wordpress.org/support/topic/insecure-cookie/#post-14511877)
 * Status: resolved