Hi,
Thank you for reaching out.
By default, our plugin sets the flashy_cart cookie using PHP’s standard setcookie() function, which does not set the HttpOnly flag. This is why the functionality works correctly for our customers.
If you’re seeing the HttpOnly flag on this cookie, it’s being added by your server configuration rather than by our plugin. This can happen due to:
- Apache mod_headers rules
- Nginx header configurations
- Security plugins or firewalls (e.g., Cloudflare, Sucuri, Wordfence)
Could you please check your server configuration and try explicitly setting HttpOnly to false for the flashy_cart cookie? If that resolves the issue for you, let us know and we’ll add it explicitly to the plugin as well.
Thanks,
