Details

    • Medium
    • Important for users who run their own task administration: test whether the integration works; if not, the SameSite cookie config in application.ini must be removed and this issue reopened!
    • Set the authentication cookie according to the latest security recommendations.

    Description

      Set the cookie security depending on the SSL usage flag.

      COOKIE: ZFEXTENDED

      The cookie is missing the Secure, HttpOnly and SameSite flags; make sure it does not store sensitive information.

      We cannot use an HttpOnly cookie, since we need JS access to the session cookie.
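
One way to check the resulting header, as an added example that is not part of the original issue or the project's code: a Set-Cookie audit for the flags named above, with HttpOnly treated as intentionally absent because JS needs the cookie. The function names and sample header values are constructed for illustration; only the cookie name ZFEXTENDED comes from the issue.

```python
VALID_SAMESITE = {"strict", "lax", "none"}


def parse_set_cookie(header):
    """Split a Set-Cookie value into (name, value, attrs); attribute names lowercased."""
    parts = [p.strip() for p in header.split(";") if p.strip()]
    name, _, value = parts[0].partition("=")
    attrs = {}
    for part in parts[1:]:
        key, _, val = part.partition("=")
        attrs[key.strip().lower()] = val.strip()
    return name.strip(), value, attrs


def audit_cookie(header, ssl_enabled, js_needs_access=True):
    """Return findings for one Set-Cookie header, given the SSL usage flag."""
    name, _, attrs = parse_set_cookie(header)
    samesite = attrs.get("samesite", "").lower()
    findings = []
    if ssl_enabled and "secure" not in attrs:
        findings.append("Secure missing although SSL is in use")
    if not ssl_enabled and "secure" in attrs:
        findings.append("Secure set without SSL: cookie is not sent over plain HTTP")
    if not samesite:
        findings.append("SameSite missing")
    elif samesite not in VALID_SAMESITE:
        findings.append("SameSite has unknown value: " + samesite)
    elif samesite == "none" and "secure" not in attrs:
        findings.append("SameSite=None without Secure is rejected by current browsers")
    # The issue states JS must read the session cookie, so HttpOnly is expected to be absent.
    if "httponly" in attrs and js_needs_access:
        findings.append("HttpOnly set but JavaScript needs to read the cookie")
    if "httponly" not in attrs and not js_needs_access:
        findings.append("HttpOnly missing")
    return [name + ": " + f for f in findings]


if __name__ == "__main__":
    # Constructed sample headers: (Set-Cookie value, SSL usage flag)
    samples = [
        ("ZFEXTENDED=abc123; path=/", True),
        ("ZFEXTENDED=abc123; path=/; Secure; SameSite=None", True),
        ("ZFEXTENDED=abc123; path=/; SameSite=None", False),
    ]
    for header, ssl in samples:
        print(header, "ssl=%s" % ssl, "->", audit_cookie(header, ssl) or "ok")
```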

          People

            tlauria Thomas Lauria