[TRANSLATE-2311] Cookie Security - translate5 JIRA issue tracker

Type: Bug
Resolution: Fixed
Fix Version/s: translate5 - 5.0.13, translate5 - 5.0.14, translate5 - 5.1.0
Affects Version/s: None
Component/s: Editor general

Urgency:
Medium
Important release notes:
Important for users which are using an own task administration: test if the integration works, if not the samesite cookie config in application.ini must be removed and this issue reopened!
ChangeLog Description:
Set the authentication cookie according to the latest security recommendations.
Checklist:

Empty

show more show less

Set the Cookie security in dependency of the ssl usage flag.

COOKIE: ZFEXTENDED

The cookie is missing Secure, ~~HttpOnly~~ and SameSite flag, make sure it does not store sensitive information.

The HttpOnly cookie can not be used by us, since we need JS access to the session cookie.

Assignee:: Thomas Lauria

Reporter:: Thomas Lauria

Votes:: 0 Vote for this issue

Watchers:: 1 Start watching this issue

Created:: 05/Nov/2020 12:13

Updated:: 23/Apr/2024 05:09

Resolved:: 14/Jan/2021 06:05