Feature #2418
HttpOnly and Secure flag are not set in the HTTP response header
Status: Closed
Priority: High
Assignee: -
Category: -
Target version: -
Start date: 05/09/2012
Due date:
% Done: 100%
Estimated time:
Plus Target Version:
Release Notes:
Description
According to our tests for PCI-DSS certification by a professional security auditing team, pfSense lacks the HttpOnly and Secure flags on cookies for session management.
I would like to see that when a cookie is set (while accessing through HTTPS) the appropriate flags are set.
It would be nice to have pfSense accepted as a viable option for PCI-DSS certification.