[
https://issues.apache.org/jira/browse/OFBIZ-10286?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]
Jacques Le Roux closed OFBIZ-10286.
-----------------------------------
Resolution: Cannot Reproduce
Assignee: Jacques Le Roux
I can't find a such cookie in any of our official demos, nor locally. So I presume it was an old one still present on my machine from before our change for OFBIZ-6655. I have cleared all those cookies since while working on OFBIZ-10307, that's why I guess I can't reproduce now.
Please reopen if you find a such occurence on your machine after clearing old ones.
> JSESSIONID root cookie not protected (httponly)
> -----------------------------------------------
>
> Key: OFBIZ-10286
> URL:
https://issues.apache.org/jira/browse/OFBIZ-10286> Project: OFBiz
> Issue Type: Sub-task
> Components: framework
> Affects Versions: Trunk
> Reporter: Jacques Le Roux
> Assignee: Jacques Le Roux
> Priority: Minor
>
> I noticed OFBiz generate a JSESSIONID root cookie not protected (httponly)
> I'm not sure yet how and why we create this cookie, and I'm also not sure it's a security issue but better to check all that and possibly remove this cookie generation
--
This message was sent by Atlassian JIRA
(v7.6.3#76005)
Locked
