Details
-
Bug
-
Resolution: Fixed
-
Medium
-
0.7.20
-
None
-
true
Description
The app server sets the secure flag on the session cookie if SSL is in effect.
Seraph should behave similarly when generating the seraph.os.cookie.
The secure flag indicates to the browser to only transmit the cookie when SSL is in effect:
Attachments
Issue Links
- causes
-
CONFSERVER-9394 Option to disable "secure" cookie when using HTTPS just for login page
- Closed
- relates to
-
JRASERVER-10508 Insecure "Remember my Login" cookie on https-sites
- Closed