Uploaded image for project: 'atlassian-seraph'
  1. atlassian-seraph
  2. SER-72

Cookie secure flag should be set if SSL is in effect.

    XMLWordPrintable

Details

    • Bug
    • Resolution: Fixed
    • Medium
    • 0.10
    • 0.7.20
    • None
    • true

    Description

      The app server sets the secure flag on the session cookie if SSL is in effect.

      Seraph should behave similarly when generating the seraph.os.cookie.

      The secure flag indicates to the browser to only transmit the cookie when SSL is in effect:

      http://www.w3.org/Security/Faq/wwwsf2.html

      Attachments

        Issue Links

          causes

          Suggestion - CONFSERVER-9394 Option to disable "secure" cookie when using HTTPS just for login page

          • Closed
          relates to

          Bug - A problem which impairs or prevents the functions of the product. JRASERVER-10508 Insecure "Remember my Login" cookie on https-sites

          • High - High priority issues
          • Closed

          Activity

            People

              dbrown@atlassian.com Don Brown (Inactive)
              keith@atlassian.com Keith Brophy
              Votes:
              0 Vote for this issue
              Watchers:
              0 Start watching this issue

              Dates

                Created:
                Updated:
                Resolved:
                16 years, 35 weeks, 3 days ago