Jacques Le Roux created OFBIZ-10286:
---------------------------------------
Summary: JSESSIONID root cookie not protected (httponly)
Key: OFBIZ-10286
URL: https://issues.apache.org/jira/browse/OFBIZ-10286
Project: OFBiz
Issue Type: Sub-task
Components: framework
Affects Versions: Trunk
Reporter: Jacques Le Roux

I noticed OFBiz generates a JSESSIONID root cookie not protected (httponly).
I'm not sure yet how and why we create this cookie, and I'm also not sure it's a security
issue, but better to check all that and possibly remove this cookie generation.