[Koha-bugs] [Bug 33259] Optionally set SameSite attribute of cookie to Strict

bugzilla-daemon at bugs.koha-community.org
Tue Mar 12 01:39:16 CET 2024


https://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=33259

--- Comment #57 from David Cook <dcook at prosentient.com.au> ---
I hate to say it now, but I think we should change tack, and just focus on the
SameSiteSessionCookie being for the CGISESSID cookie and only for authenticated
contexts. (Focusing only on the CGISESSID cookie is mostly just to help in
terms of testability, although I think the best practice is to only set Strict
for sensitive cookies.)

That should provide security for authenticated Koha users while also allowing
usability for things like SSO.

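The policy sketched in the comment above, as an added example that is not Koha's code: a session cookie (`CGISESSID`) gets `SameSite=Strict` only once the user is authenticated and the preference is enabled, every other case falls back to `Lax`, and a small browser model shows why that matters for SSO. The `strict_enabled` flag stands in for the `SameSiteSessionCookie` preference; its exact semantics in Koha are an assumption here, as are the cookie value and the request kinds used in the model.

```python
from http.cookies import SimpleCookie

# Koha's session cookie name, as named in the bug thread.
SESSION_COOKIE = "CGISESSID"


def samesite_for(cookie_name, authenticated, strict_enabled):
    """Choose the SameSite value for one cookie.

    Strict is applied only to the session cookie, only in an authenticated
    context, and only when the (assumed) SameSiteSessionCookie preference is on.
    Everything else gets Lax, which still blocks cross-site sub-requests
    (the classic CSRF vector) but allows top-level navigations such as an
    SSO identity provider redirecting the browser back to Koha.
    """
    if strict_enabled and authenticated and cookie_name == SESSION_COOKIE:
        return "Strict"
    return "Lax"


def build_set_cookie(cookie_name, value, authenticated, strict_enabled, secure=True):
    """Render a Set-Cookie header value with HttpOnly, Secure and SameSite set."""
    jar = SimpleCookie()
    jar[cookie_name] = value
    morsel = jar[cookie_name]
    morsel["path"] = "/"
    morsel["httponly"] = True          # keep the session id away from scripts
    if secure:
        morsel["secure"] = True        # only over HTTPS
    morsel["samesite"] = samesite_for(cookie_name, authenticated, strict_enabled)
    return morsel.OutputString()


def cookie_sent(samesite, request_kind):
    """Minimal model of browser SameSite behaviour.

    request_kind is one of:
      'same-site'                - any request from Koha's own site
      'cross-site-top-level-get' - e.g. the SSO provider redirecting back
      'cross-site-subrequest'    - form POST, fetch/XHR or image from another site
    """
    if request_kind == "same-site":
        return True
    if samesite == "Strict":
        return False
    if samesite == "Lax":
        return request_kind == "cross-site-top-level-get"
    return True  # SameSite=None: sent everywhere (requires Secure)


def sso_return_carries_session(authenticated, strict_enabled):
    """Would the session cookie accompany the IdP's redirect back to Koha?

    Before login (the SSO handshake) the policy yields Lax, so the cookie is
    sent and any state stored in the session survives the round trip. After
    login it yields Strict, so a cross-site navigation does not carry it.
    """
    policy = samesite_for(SESSION_COOKIE, authenticated, strict_enabled)
    return cookie_sent(policy, "cross-site-top-level-get")


if __name__ == "__main__":
    # Constructed sample value; a real session id would be random.
    print(build_set_cookie(SESSION_COOKIE, "s3ss10n", authenticated=False, strict_enabled=True))
    print(build_set_cookie(SESSION_COOKIE, "s3ss10n", authenticated=True, strict_enabled=True))
    print("SSO return before login keeps session:", sso_return_carries_session(False, True))
    print("SSO return after login keeps session: ", sso_return_carries_session(True, True))
```

Run stand-alone, the first header ends in `SameSite=Lax` and the second in `SameSite=Strict`; the two model calls return True and False respectively, which is the trade-off the comment describes: Strict protects an established authenticated session, while Lax during the unauthenticated phase keeps a cross-site SSO return working.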