View Issue Details

ID: 5893
Project: Composr
Category: core
View Status: public
Last Update: 2024-08-17 03:48
Reporter: PDStig
Assigned To: PDStig
Priority: high
Severity: feature
Status: resolved
Resolution: fixed
Product Version: 11.beta1
Summary: 5893: Changes to default cookie names and handling for prefixes
Description:
* Start using __Host-cms_session__... as the session cookie name for Composr CMS.
* Start using __Secure-cms_member_id as the default user cookie name.
* Start using __Secure-cms_member_hash as the default password cookie name.

Add special checks in all cookie name functions to check for __Host- and __Cookie- and to only return those in the name if the required conditions for those prefixes are met.
Additional Information: See https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Set-Cookie#samesitesamesite-value

Doing this will add extra security to session cookies to prevent session hijacking. It will also add extra security to login cookies.
Tags: Roadmap: v11, Type: Security
Sponsorship open
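
The prefix check the description asks for, sketched for the __Host- and __Secure- prefixes as an added example (not Composr's own code). The function name, its parameters and the `__Host-example_session` name are hypothetical; the rules applied are the browser's: both prefixes need the Secure attribute, and __Host- also needs Path=/ and no Domain attribute.

```php
<?php
// Added illustration. Function and parameter names are hypothetical, not Composr's API.

/**
 * Return $configured_name with its __Host- or __Secure- prefix only if the
 * attributes the cookie will be sent with satisfy that prefix's rules;
 * otherwise return the name with the prefix stripped, so the browser does
 * not silently reject the cookie.
 */
function effective_cookie_name(string $configured_name, bool $is_https, string $path, string $domain): string
{
    foreach (['__Host-', '__Secure-'] as $prefix) {
        if (strncmp($configured_name, $prefix, strlen($prefix)) !== 0) {
            continue;
        }
        $bare = substr($configured_name, strlen($prefix));

        // Both prefixes require the Secure attribute, i.e. an HTTPS origin.
        $ok = $is_https;
        // __Host- additionally requires Path=/ and no Domain attribute.
        if ($prefix === '__Host-') {
            $ok = $ok && $path === '/' && $domain === '';
        }
        return $ok ? $configured_name : $bare;
    }
    return $configured_name; // No prefix: nothing to verify.
}

// Constructed site configurations: [name, HTTPS?, cookie path, cookie domain].
$cases = [
    ['__Host-example_session', true, '/', ''],
    ['__Host-example_session', true, '/cms/', ''],
    ['__Host-example_session', true, '/', '.example.com'],
    ['__Secure-cms_member_id', true, '/cms/', '.example.com'],
    ['__Secure-cms_member_id', false, '/', ''],
];
foreach ($cases as [$name, $https, $path, $domain]) {
    printf("%-24s https=%d path=%-6s domain=%-13s => %s\n",
        $name, $https, $path, $domain === '' ? '(none)' : $domain,
        effective_cookie_name($name, $https, $path, $domain));
}
```

Only the first and fourth configurations keep their prefix; the others fall back to the bare name because a prefixed cookie that breaks the prefix rules is dropped by the browser.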

Activities

admin

2024-08-17 01:55

administrator   ~9208

Automated message: This issue was created using the Report Issue Wizard on the Composr homesite.

Issue History

Date Modified Username Field Change
2024-08-17 01:55 PDStig Tag Attached: Roadmap: v11
2024-08-17 01:55 PDStig Tag Attached: Type: Security
2024-08-17 03:48 PDStig Assigned To => user4172
2024-08-17 03:48 PDStig Status Not Assigned => Resolved
2024-08-17 03:48 PDStig Resolution open => fixed