[Koha-bugs] [Bug 9102] [SECURITY] We should set httponly on our session cookie
bugzilla-daemon at bugs.koha-community.org
Mon Nov 26 17:11:02 CET 2012
http://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=9102
Jonathan Druart <jonathan.druart at biblibre.com> changed:
What             |Removed |Added
----------------------------------------------------------------------------
CC               |        |jonathan.druart at biblibre.com
Patch complexity |---     |Small patch
--- Comment #6 from Jonathan Druart <jonathan.druart at biblibre.com> ---
Hi Chris,
There are 2 other occurrences of this kind in C4::Auth::check_api_auth:
l.1141 my $cookie = $query->cookie( CGISESSID => $session->id );
l.1185 my $cookie = $query->cookie(CGISESSID => $sessionID);
Don't you think we have to add this flag for them too?
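The by-hand search in the comment above can be automated. This is an added example, not Koha code and not part of the original mail: a small source audit that lists every CGI.pm `cookie()` call that sets `CGISESSID` without the `-HttpOnly` parameter. The function names are hypothetical, and the sample input is constructed apart from the two calls quoted in the comment.

```python
import re

# Start of a CGI.pm cookie() method call; arguments are found by paren counting.
CALL = re.compile(r"->\s*cookie\s*\(")
# -HttpOnly => <anything except a literal 0>; Perl's named parameters are case-insensitive.
HTTPONLY = re.compile(r"-httponly\s*=>\s*(?!0\b)\S", re.I)


def cookie_calls(source):
    """Yield (line_number, argument_text) for each ->cookie( ... ) call.

    Assumption: parentheses inside string literals are not handled.
    """
    for m in CALL.finditer(source):
        depth, i = 1, m.end()
        while i < len(source) and depth:
            depth += {"(": 1, ")": -1}.get(source[i], 0)
            i += 1
        yield source.count("\n", 0, m.start()) + 1, source[m.end():i - 1]


def missing_httponly(source, name="CGISESSID"):
    """Return line numbers of calls that create cookie `name` without HttpOnly."""
    hits = []
    for line, args in cookie_calls(source):
        sets_value = "=>" in args or "," in args  # cookie('X') alone only reads
        if sets_value and re.search(r"\b%s\b" % re.escape(name), args) \
                and not HTTPONLY.search(args):
            hits.append(line)
    return hits


# Constructed Perl sample: line 1 reads the cookie, lines 2-3 are the calls
# quoted in the comment, lines 4-8 show the named-parameter form with the flag.
SAMPLE = """\
my $sessid = $query->cookie('CGISESSID');
my $cookie = $query->cookie( CGISESSID => $session->id );
my $cookie = $query->cookie(CGISESSID => $sessionID);
my $cookie = $query->cookie(
    -name     => 'CGISESSID',
    -value    => $session->id,
    -HttpOnly => 1,
);
"""

if __name__ == "__main__":
    for lineno in missing_httponly(SAMPLE):
        print("line %d: CGISESSID cookie created without -HttpOnly" % lineno)
```
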