Hi,
I guess this question was asked earlier but I could not see any response for that so just posting the question again.
During penetration testing there has been a security concern about not having the _pk_id and _pk_ses cookies as HTTPonly.
We are using Matomo version 3.13.2 and 4.10.1 in different environments.
Is it possible to set above cookies as HTTPonly? If not can we disable these cookies to address the security issue and if we disable them will it have any impact on Matomo tracking functionality.
Regards
3 posts - 2 participants