Hello, Our site should be work with http and https, we need to secure the cookie (_forum_session). Cookie Missing Secure flag only has HttpOnly how can this be setup with secure as well? Thanks

Hi @mevaha It that is the case, then more-than-likely you have a reverse-proxy in front of your load balancer (or as a part of your load balancer). Let me explain. The reverse proxy (with load balancer if you have one) communicates with Discourse on the back end using HTTP. So you are correct…

You should set your site up to work over https only.

Hey @mevaha The trend in the web, for many years, is to only use HTTPS. This used to be a problem until organizations like Let’s Encrypt (LE) started giving SSL certs away for free and provided a robust mechanism to manage certs. When LE (certbot) is used to configure the certs on your site, it …

Thank you @neounix . Our issue is the cert https is managed by the load balancer and only the port 80 opened between discourse and the load balancer. we tried to redirect http to https without success, could you please share with me the config file of cookies in discourse. Thanks

How to set the secure flag for cookie _forum_session

Support

mevaha (ravah) August 17, 2020, 7:10am 3

There is no way to modify in discourse code?

Topic		Replies	Views
Secure discourse session Support	7	493	July 21, 2020
HTTPS through Proxy; Discourse still trying to get files using HTTP Self-hosting	22	1281	May 4, 2020
Login-button unsecured Self-hosting	5	546	February 2, 2021
Force Redirect HTTP to HTTPS Support	9	6874	February 12, 2021
What happens if my domain is HTTP? Support	5	535	August 30, 2020

How to set the secure flag for cookie _forum_session

Related topics