Bug #12479: Secure Cookie Attribute Not Set for webConfigurator - pfSense - pfSense bugtracker

Actions

Copy link

Bug #12479

closed

Secure Cookie Attribute Not Set for webConfigurator

Added by Kris Phillips about 4 years ago. Updated about 4 years ago.

Status:

Rejected

Priority:

Normal

Assignee:

Category:

Web Interface

Target version:

Start date:

Due date:

% Done:

Estimated time:

Plus Target Version:

Release Notes:

Default

Affected Version:

Affected Architecture:

All

Description

The webConfigurator does not require secure transmission of cookies using the Secure Cookie Attribute in PHP. As such it's possible, although unlikely, for someone to hijack a session since the cookie is transmitted in the clear.

Documentation here:
https://www.php.net/manual/en/function.session-set-cookie-params.php

History
Notes
Property changes

Actions

Copy link

Also available in: Atom PDF

Project

General

Profile

pfSense

Custom queries

Bug #12479

Secure Cookie Attribute Not Set for webConfigurator

Updated by Jim Pingle about 4 years ago