#5887 - Session cookies should always be HttpOnly / Secure where applicable This is a spacer post for a website comment topic. The content this topic relates to: #5887 - Session cookies should always be HttpOnly / Secure where applicable By Guest posted 13th Aug 2024, 9:36 PM Do not fill this field in. Automated message: This issue was created using the Report Issue Wizard on the Composr homesite. By Guest posted 13th Aug 2024, 9:38 PM v11 has the same problem, although only for the Secure property; it is setting HttpOnly like it should. By Guest posted 13th Aug 2024, 10:15 PM Automated response: Session cookies should always be HttpOnly / Secure where applicableThis patch forces http-only on Session cookies and also correctly applies the Secure property when applicable.This patch will not work without the updated global*.php files for 10.0.49. See GitLab to get them. By Guest posted 14th Aug 2024, 2:47 PM Warning: This fix causes #5888 and #5889 . See those issues for resolutions. By Guest posted 17th Aug 2024, 9:02 PM REVERTED in 10.0.50 1 guest and 0 members have recently viewed this. Sort: Relevance Newest first Oldest first Rating Popularity
This patch forces http-only on Session cookies and also correctly applies the Secure property when applicable.
This patch will not work without the updated global*.php files for 10.0.49. See GitLab to get them.