[Koha-bugs] [Bug 25360] Use secure flag for CGISESSID cookie
bugzilla-daemon at bugs.koha-community.org
Mon May 4 01:54:04 CEST 2020
https://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=25360
--- Comment #1 from David Cook <dcook at prosentient.com.au> ---
I'm debating with myself how best to implement it.
On one hand, requiring a cookie to be sent over HTTPS could make legitimate
automated testing harder/impossible, and not everyone necessarily has access to
HTTPS (although the latter is less common all the time).
Here are some thoughts:
1) Use a system preference to force it
2) Try reading $type and relevant *BaseURL system preference to determine
whether an HTTP or HTTPS URL is defined (since we can't reliably determine HTTP
vs HTTPS for proxied connections unless we used a header like
X-Forwarded-Proto)
That's about it for ideas right now. But open to other people's ideas.
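One way to combine the two ideas from the comment above, as an added Perl example that is not part of the original comment or Koha's own code. The preference name ForceSecureCookie, the hash standing in for system preferences, the function names and the sample URLs are assumptions; OPACBaseURL and staffClientBaseURL are used as the *BaseURL preferences, with $type assumed to be 'opac' or 'intranet'.

```perl
use strict;
use warnings;

# Constructed stand-in for system preferences. ForceSecureCookie is a
# hypothetical preference name (idea 1); the URLs are sample values.
my %prefs = (
    ForceSecureCookie  => 0,
    OPACBaseURL        => 'https://opac.example.org',
    staffClientBaseURL => '',    # unset, e.g. a plain-HTTP test install
);

# Idea 2: derive the flag from the configured base URL for this interface
# ($type is assumed to be 'opac' or 'intranet'), unless idea 1 forces it.
sub cookie_secure_flag {
    my ( $type, $prefs ) = @_;
    return 1 if $prefs->{ForceSecureCookie};
    my $key  = $type eq 'opac' ? 'OPACBaseURL' : 'staffClientBaseURL';
    my $base = $prefs->{$key} // '';
    # An empty or http:// value leaves the flag off so HTTP-only setups still work.
    return $base =~ m{\A\s*https://}i ? 1 : 0;
}

# What the backend can see on its own: the HTTPS variable is only set when
# TLS terminates on this server, not on a proxy in front of it.
sub request_is_https {
    my ($env) = @_;
    return ( $env->{HTTPS} // '' ) =~ /\Aon\z/i ? 1 : 0;
}

sub set_cookie_header {
    my ( $session_id, $secure ) = @_;
    my @attrs = ( "CGISESSID=$session_id", 'Path=/' );
    push @attrs, 'Secure' if $secure;
    return 'Set-Cookie: ' . join( '; ', @attrs );
}

# Constructed request environment behind a TLS-terminating proxy: the header
# is present but deliberately not consulted by cookie_secure_flag().
my %env = ( HTTP_X_FORWARDED_PROTO => 'https' );

for my $type (qw(opac intranet)) {
    my $secure = cookie_secure_flag( $type, \%prefs );
    printf "%-8s request_is_https=%d  %s\n", $type, request_is_https( \%env ),
        set_cookie_header( 'constructed-session-id', $secure );
}
```

For the OPAC the backend reports a non-HTTPS request while the configured base URL still yields the Secure attribute, which is the proxied case the comment describes.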