Uploaded image for project: 'Confluence Data Center'
  1. Confluence Data Center
  2. CONFSERVER-9394

Option to disable "secure" cookie when using HTTPS just for login page

    XMLWordPrintable

Details

    • 8
    • We collect Confluence feedback from various sources, and we evaluate what we've collected when planning our product roadmap. To understand how this piece of feedback will be reviewed, see our Implementation of New Features Policy.

    Description

      Confluence's "remember me" tickbox doesn't work if the login page is secure, but the rest of the application is unsecured.

      Seraph's CookieUtils.setCookie() method create a secure cookie (ref) if the request had a secure URL, and this cookie isn't sent by the client to a non-secure address.

      The solution to this ticket is to upgrade Confluence to use Seraph to 0.10 or later.

      Attachments

        Issue Links

          is caused by

          Bug - A problem which impairs or prevents the functions of the product. SER-72 Cookie secure flag should be set if SSL is in effect.

          • Medium - Medium priority issues
          • RESOLVED
          relates to

          Bug - A problem which impairs or prevents the functions of the product. JRASERVER-10508 Insecure "Remember my Login" cookie on https-sites

          • High - High priority issues
          • Closed

          Activity

            People

              Unassigned Unassigned
              stephenmorad Stephen Morad
              Votes:
              1 Vote for this issue
              Watchers:
              2 Start watching this issue

              Dates

                Created:
                Updated:
                Resolved: