#5887 - Session cookies should always be HttpOnly / Secure where applicable – Composr CMS: Your Data, Your Privacy, Your Control

This is a spacer post for a website comment topic. The content this topic relates to: #5887 - Session cookies should always be HttpOnly / Secure where applicable

By Guest posted 13th Aug 2024, 9:36 PM

Automated message: This issue was created using the Report Issue Wizard on the Composr homesite.

By Guest posted 13th Aug 2024, 9:38 PM

v11 has the same problem, although only for the Secure property; it is setting HttpOnly like it should.

By Guest posted 13th Aug 2024, 10:15 PM

Automated response: Session cookies should always be HttpOnly / Secure where applicable

This patch forces http-only on Session cookies and also correctly applies the Secure property when applicable.

This patch will not work without the updated global*.php files for 10.0.49. See GitLab to get them.

By Guest posted 14th Aug 2024, 2:47 PM

Warning: This fix causes #5888 and #5889 . See those issues for resolutions.

By Guest posted 17th Aug 2024, 9:02 PM

REVERTED in 10.0.50

Gabri	Points: 51 Voting power: 15.789 Voting power control percentage: 0.223%
PDStig	Points: 15 Voting power: 27.140 Voting power control percentage: 0.383%
Adam Edington	Points: 10 Voting power: 18.646 Voting power control percentage: 0.263%

#5887 - Session cookies should always be HttpOnly / Secure where applicable

Leader-board Top Weekly Earners

Coming soon…

Statistics