Details
- Suggestion
- Resolution: Fixed
Description
It would be good to have the option of setting the secure flag on the SSO cookie.
I understand about the requesting IP address being checked against an existing token; that's good but not bulletproof. Making the cookie secure will also help.
Issue Links
- relates to: CWD-1040 Crowd session tokens need to be random and unique to avoid Session Hijacking!!! (Closed)