ofbiz-notifications mailing list archives

From "Jacques Le Roux (JIRA)" <j...@apache.org>
Subject [jira] [Created] (OFBIZ-10286) JSESSIONID root cookie not protected (httponly)
Date Fri, 16 Mar 2018 10:51:00 GMT
Jacques Le Roux created OFBIZ-10286:

             Summary: JSESSIONID root cookie not protected (httponly)
                 Key: OFBIZ-10286
                 URL: https://issues.apache.org/jira/browse/OFBIZ-10286
             Project: OFBiz
          Issue Type: Sub-task
          Components: framework
    Affects Versions: Trunk
            Reporter: Jacques Le Roux

I noticed OFBiz generates a JSESSIONID root cookie not protected (httponly).

I'm not sure yet how and why we create this cookie, and I'm also not sure it's a security
issue, but better to check all that and possibly remove this cookie generation.

This message was sent by Atlassian JIRA
