Loading...

XML

Word

Printable

Details

Type: Bug
Resolution: Fixed
Fix Version/s: translate5 - 5.0.13, translate5 - 5.0.14, translate5 - 5.1.0
Affects Version/s: None
Component/s: Editor general

Urgency:
Medium
Important release notes:
Important for users which are using an own task administration: test if the integration works, if not the samesite cookie config in application.ini must be removed and this issue reopened!
ChangeLog Description:
Set the authentication cookie according to the latest security recommendations.

Description

Set the Cookie security in dependency of the ssl usage flag.

COOKIE: ZFEXTENDED

The cookie is missing Secure, ~~HttpOnly~~ and SameSite flag, make sure it does not store sensitive information.

The HttpOnly cookie can not be used by us, since we need JS access to the session cookie.

Attachments

Activity

People

Assignee:: Thomas Lauria

Reporter:: Thomas Lauria

Votes:: 0 Vote for this issue

Watchers:: 1 Start watching this issue

Dates

Created:: 05/Nov/2020 12:13

Updated:: 09/Sep/2022 09:07

Resolved:: 14/Jan/2021 06:05