Loading...

XML

Word

Printable

Type: Bug
Resolution: Fixed
Priority: Medium
Fix Version/s: 0.10
Affects Version/s: 0.7.20
Labels:
None

Last commented by user?:
true

The app server sets the secure flag on the session cookie if SSL is in effect.

Seraph should behave similarly when generating the seraph.os.cookie.

The secure flag indicates to the browser to only transmit the cookie when SSL is in effect:

http://www.w3.org/Security/Faq/wwwsf2.html

causes

CONFSERVER-9394 Option to disable "secure" cookie when using HTTPS just for login page

Closed

relates to

JRASERVER-10508 Insecure "Remember my Login" cookie on https-sites

Closed

Assignee:: Don Brown (Inactive)

Reporter:: Keith Brophy

Participants:: AntonA, Don Brown, Keith Brophy, Luis Herrera, Matt Ryall

Votes:: 0 Vote for this issue

Watchers:: 0 Start watching this issue

Created:: 05/Jul/2006 1:24 AM

Updated:: 01/Apr/2017 7:42 PM

Resolved:: 14/Sep/2007 6:51 AM

Last commented:: 16 years, 48 weeks, 1 day ago