#5893 - Changes to default cookie names and handling for prefixes
| Identifier | #5893 |
|---|---|
| Issue type | Feature request or suggestion |
| Title | Changes to default cookie names and handling for prefixes |
| Status | Completed |
| Tags | Roadmap: v11 (custom), Type: Security (custom) |
| Handling member | PDStig |
| Version | 11 beta1 |
| Addon | core |
| Description | * Start using `__Host-cms_session__...` as the session cookie name for Composr CMS. * Start using `__Secure-cms_member_id` as the default user cookie name. * Start using `__Secure-cms_member_hash` as the default password cookie name. Add special checks in all cookie name functions to check for `__Host-` and `__Cookie-` and to only return those in the name if the required conditions for those prefixes are met. |
| Steps to reproduce | |
| Additional information | See https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Set-Cookie#samesitesamesite-value Doing this will add extra security to session cookies to prevent session hijacking. It will also add extra security to login cookies. |
| Funded? | No |
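
The prefix checks the description asks for, sketched as an added PHP example (not Composr's code; the function names, the `__Host-example_session` cookie name and the HttpOnly/SameSite attributes are assumptions). The conditions are the ones browsers enforce for cookie prefixes: `__Secure-` requires the Secure attribute, and `__Host-` additionally requires Path=/ and no Domain attribute.

```php
<?php
// Added example, not Composr code: every function name here is hypothetical.

/**
 * Return $name with its __Host- / __Secure- prefix only when the cookie will
 * be sent with the attributes browsers require for that prefix. Otherwise
 * return the bare name, because a browser rejects a prefixed cookie whose
 * attributes do not match the prefix.
 */
function example_effective_cookie_name(string $name, bool $secure, string $path, string $domain): string
{
    if (strncmp($name, '__Host-', 7) === 0) {
        // __Host- needs Secure, Path=/ and no Domain attribute at all.
        $ok = $secure && $path === '/' && $domain === '';
        return $ok ? $name : substr($name, 7);
    }
    if (strncmp($name, '__Secure-', 9) === 0) {
        // __Secure- only needs the Secure attribute.
        return $secure ? $name : substr($name, 9);
    }
    return $name;
}

/** Build a Set-Cookie header value using the resolved name (constructed helper). */
function example_set_cookie_header(string $name, string $value, bool $secure, string $path, string $domain): string
{
    $header = example_effective_cookie_name($name, $secure, $path, $domain) . '=' . rawurlencode($value);
    $header .= '; Path=' . $path;
    if ($domain !== '') {
        $header .= '; Domain=' . $domain;
    }
    if ($secure) {
        $header .= '; Secure';
    }
    // HttpOnly and SameSite=Lax are assumed defaults for this example.
    return $header . '; HttpOnly; SameSite=Lax';
}

// Constructed sample configurations: HTTPS at the root path, HTTPS with a
// cookie domain set, and plain HTTP.
$cases = [
    ['__Host-example_session', true, '/', ''],
    ['__Host-example_session', true, '/', 'example.com'],
    ['__Secure-cms_member_id', true, '/', 'example.com'],
    ['__Secure-cms_member_id', false, '/', ''],
];
foreach ($cases as [$name, $secure, $path, $domain]) {
    echo example_set_cookie_header($name, 'constructed-value', $secure, $path, $domain), "\n";
}
```

The second and fourth cases fall back to the unprefixed name, so code that reads the cookie has to resolve the name through the same function it was written with.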