Actions
Bug #12479
closed
Secure Cookie Attribute Not Set for webConfigurator
Status:
Rejected
Priority:
Normal
Assignee:
-
Category:
Web Interface
Target version:
-
Start date:
Due date:
% Done:
0%
Estimated time:
Plus Target Version:
Release Notes:
Default
Affected Version:
Affected Architecture:
All
Description
The webConfigurator does not require secure transmission of cookies using the Secure Cookie Attribute in PHP. As such it's possible, although unlikely, for someone to hijack a session since the cookie is transmitted in the clear.
Documentation here:
https://www.php.net/manual/en/function.session-set-cookie-params.php
Updated by
Actions