OFBiz OFBiz - Notifications

[jira] [Commented] (OFBIZ-9865) Enhance cookies security

Previous Topic Next Topic
 
classic Classic list List threaded Threaded
1 message Options
Nicolas Malin (Jira)
Reply | Threaded
Open this post in threaded view
|

[jira] [Commented] (OFBIZ-9865) Enhance cookies security

Nicolas Malin (Jira)

    [ https://issues.apache.org/jira/browse/OFBIZ-9865?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=16496536#comment-16496536 ]

Jacques Le Roux commented on OFBIZ-9865:
----------------------------------------

At r1812623 I reverted r1812540 ("Set-Cookie", "SameSite=strict") that I also forgot to report here. It does not fit with OFBiz which then asks you to login on any action, even when using "Set-Cookie", "SameSite=lax"

> Enhance cookies security
> ------------------------
>
>                 Key: OFBIZ-9865
>                 URL: https://issues.apache.org/jira/browse/OFBIZ-9865
>             Project: OFBiz
>          Issue Type: Sub-task
>            Reporter: Jacques Le Roux
>            Assignee: Jacques Le Roux
>            Priority: Minor
>             Fix For: 17.12.01
>
>
> Working on OFBIZ-6766, I was reading https://www.owasp.org/index.php/Session_Management_Cheat_Sheet#SameSite_Attribute and decided to slightly improve our cookies security



--
This message was sent by Atlassian JIRA
(v7.6.3#76005)
Free forum by Nabble Edit this page