  1. MH-8659

Set https cookies with Secure and HttpOnly

    Details

    • Type: Task
    • Status: Open
    • Priority: Critical
    • Resolution: Unresolved
    • Affects Version/s: 1.4.0, 1.3, 3.0
    • Fix Version/s: 4.6
    • Component/s: Backend Software

      Description

      Cookie is set without flags, e.g.:

      JSESSIONID=hwh3algw3xyz;Path=/

      Expected Results:

      If the session is https, cookie should set Secure and HttpOnly flags, e.g.:

      JSESSIONID=hwh3algw3xyz;Path=/; Secure; HttpOnly

      See https://www.owasp.org/index.php/Session_Management#Protect_Session_Identifiers and https://www.owasp.org/index.php/HttpOnly
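
A way to check responses for the flags requested above, as an added example that is not part of the original issue or of Opencast's code. The function names are hypothetical, the sample headers are constructed from the ones in the description, and checking HttpOnly on non-https responses as well is an assumption beyond the issue's wording.

```python
def parse_set_cookie(header):
    """Split one Set-Cookie header value into (name, value, attrs).

    attrs maps lower-cased attribute names to their values ('' for bare
    flags), because cookie attribute names are case-insensitive.
    """
    parts = [p.strip() for p in header.split(";")]
    name, _, value = parts[0].partition("=")
    attrs = {}
    for part in parts[1:]:
        if not part:
            continue  # tolerate a trailing or doubled ';'
        key, _, val = part.partition("=")
        attrs[key.strip().lower()] = val.strip()
    return name.strip(), value.strip(), attrs


def missing_flags(header, is_https):
    """Return the flags that one Set-Cookie header value lacks.

    Secure is only required when the response was served over https.
    """
    _, _, attrs = parse_set_cookie(header)
    missing = []
    if is_https and "secure" not in attrs:
        missing.append("Secure")
    if "httponly" not in attrs:
        missing.append("HttpOnly")
    return missing


def audit(headers, is_https):
    """Map cookie name -> missing flags, for cookies that lack any."""
    findings = {}
    for header in headers:
        name, _, _ = parse_set_cookie(header)
        missing = missing_flags(header, is_https)
        if missing:
            findings[name] = missing
    return findings


if __name__ == "__main__":
    # Constructed sample headers, modelled on the two in the description.
    sample = [
        "JSESSIONID=hwh3algw3xyz;Path=/",
        "JSESSIONID=hwh3algw3xyz;Path=/; Secure; HttpOnly",
    ]
    for h in sample:
        print(h, "->", missing_flags(h, is_https=True) or "ok")
```

Parsing the attributes instead of searching the header for the substring "Secure" avoids false passes from a cookie value or a path such as `Path=/secure`.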

              People

              • Assignee:
                Unassigned
                Reporter:
                smarquard Stephen Marquard
              • Watchers:
                5
