12 Mar
2024
12 Mar
'24
1:39 a.m.
https://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=33259 --- Comment #57 from David Cook <dcook@prosentient.com.au> --- I hate to say it now, but I think we should change tack, and just focus on the SameSiteSessionCookie being for the CGISESSID cookie and only for authenticated contexts. (Focusing only on the CGISESSID cookie is mostly just to help in terms of testability, although I think the best practice is to only set Strict for sensitive cookies.) That should provide security for authenticated Koha users while also allowing usability for things like SSO. -- You are receiving this mail because: You are watching all bug changes.