Actions
Feature #2418
closed
HttpOnly and Secure flag are not set in the HTTP response header
Status:
Closed
Priority:
High
Assignee:
-
Category:
-
Target version:
-
Start date:
05/09/2012
Due date:
% Done:
100%
Estimated time:
Plus Target Version:
Release Notes:
Description
According to our tests for PCI-DSS certification by a professional security auditing team.
PfSense lacks the HttpOnly and Secure Flags on cookies for session management.
I would like to see that when a cookie is set (while accessing through HTTPS) the appropriate flags set
It would be nice to have PfSense accepted as viable option for PCI-DSS certification
Updated by Warren Baker almost 12 years ago
- Status changed from New to Feedback
Change committed in 49ddf9a10ff3379162d437622f664cfe924b4552 - let us know if you happy this please.
Updated by Laterpay Gmbh almost 12 years ago
Wow.. Fantastic
Works as i had hoped
thank you for the quick fix
Updated by Warren Baker almost 12 years ago
- Status changed from Feedback to Closed
- % Done changed from 0 to 100
Awesome stuff.
Actions