[Koha-bugs] [Bug 33259] Optionally set SameSite attribute of cookie to Strict

bugzilla-daemon at bugs.koha-community.org bugzilla-daemon at bugs.koha-community.org
Thu Mar 23 09:58:39 CET 2023


https://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=33259

ByWater Sandboxes <bws.sandboxes at gmail.com> changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
 Attachment #148580|0                           |1
        is obsolete|                            |

--- Comment #7 from ByWater Sandboxes <bws.sandboxes at gmail.com> ---
Created attachment 148590
  -->
https://bugs.koha-community.org/bugzilla3/attachment.cgi?id=148590&action=edit
Bug 33259: Optionally set SameSite attribute of session cookie to Strict

Note: The below test plan is assuming you are running the Mozilla Firefox
browser.

Test plan:
1. Apply patches
2. Upgrade database
sudo koha-upgrade-schema <instance>
3. Confirm the new system preference 'SameSiteSessionCookie' is 'Lax'
4. Go to a staff client and OPAC page, right click, choose 'Inspect', go
   to the 'Storage' tab, click on 'Cookies', click on 'CGISESSID'
5. Confirm 'SameSite' = 'Lax'
6. Change the 'SameSiteSessionCookie' to 'Strict'
7. Open a new private browser window. Go to a staff client and OPAC
   page, right click, choose 'Inspect', go to the 'Storage' tab, click on
   'Cookies', click on 'CGISESSID'
8. Repeat step 4 and confirm 'SameSite' = 'Strict'
9. Go to: Cataloguing > New record
10. Right click, click 'Inspect', go to the 'Console' tab, confirm there
    are no JavaScript errors

Sponsored-by: Toi Ohomai Institute of Technology, New Zealand
Signed-off-by: Sally <sally.healey at cheshiresharedservices.gov.uk>
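
Added example, not part of the original bug comment or of Koha's code: the check from steps 5 and 8 of the test plan run against raw Set-Cookie response header values instead of the browser's Storage tab. The function names and the sample header strings are constructed for illustration; only the cookie name 'CGISESSID' and the values 'Lax' and 'Strict' come from the test plan.

```python
# Added example: verify the SameSite attribute of the session cookie from
# raw Set-Cookie header values. Sample headers below are constructed.

SESSION_COOKIE = "CGISESSID"  # cookie name used in the test plan


def parse_set_cookie(header: str) -> tuple[str, str, dict[str, str]]:
    """Split one Set-Cookie value into (name, value, attributes).

    Attribute names are lower-cased because they are case-insensitive;
    flag attributes such as HttpOnly map to an empty string.
    """
    first, *rest = header.split(";")
    name, _, value = first.strip().partition("=")
    attrs = {}
    for part in rest:
        key, _, val = part.strip().partition("=")
        if key:
            attrs[key.lower()] = val.strip()
    return name, value, attrs


def check_samesite(headers: list[str], expected: str) -> list[str]:
    """Return a list of problems; an empty list means the check passed."""
    problems = []
    seen = False
    for header in headers:
        name, _, attrs = parse_set_cookie(header)
        if name != SESSION_COOKIE:
            continue  # only the session cookie is covered by the preference
        seen = True
        actual = attrs.get("samesite")
        if actual is None:
            problems.append("SameSite missing: behaviour is left to browser defaults")
        elif actual.lower() != expected.lower():
            problems.append(f"SameSite is {actual!r}, expected {expected!r}")
    if not seen:
        problems.append(f"no {SESSION_COOKIE} cookie in response")
    return problems


# Constructed sample headers (not captured from a real Koha instance).
LAX = ["CGISESSID=abc123; path=/; HttpOnly; SameSite=Lax"]
STRICT = ["CGISESSID=abc123; path=/; HttpOnly; samesite=strict"]
MISSING = ["CGISESSID=abc123; path=/; HttpOnly"]

if __name__ == "__main__":
    for label, hdrs, want in [("Lax", LAX, "Lax"), ("Strict", STRICT, "Strict"),
                              ("missing", MISSING, "Strict")]:
        print(label, check_samesite(hdrs, want) or "ok")
```

Run it once per interface (staff client and OPAC) with the headers each one returns, since the test plan checks both.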
