#5887 - Session cookies should always be HttpOnly / Secure where applicable – Composr CMS: Your Data, Your Privacy, Your Control

This is a spacer post for a website comment topic. The content this topic relates to: #5887 - Session cookies should always be HttpOnly / Secure where applicable

By Guest posted 13th Aug 2024, 9:36 PM

Automated message: This issue was created using the Report Issue Wizard on the Composr homesite.

By Guest posted 13th Aug 2024, 9:38 PM

v11 has the same problem, although only for the Secure property; it is setting HttpOnly like it should.

By Guest posted 13th Aug 2024, 10:15 PM

Automated response: Session cookies should always be HttpOnly / Secure where applicable

This patch forces http-only on Session cookies and also correctly applies the Secure property when applicable.

This patch will not work without the updated global*.php files for 10.0.49. See GitLab to get them.

By Guest posted 14th Aug 2024, 2:47 PM

Warning: This fix causes #5888 and #5889 . See those issues for resolutions.

By Guest posted 17th Aug 2024, 9:02 PM

REVERTED in 10.0.50