View Issue Details
| ID | Project | Category | View Status | Date Submitted | Last Update |
|---|---|---|---|---|---|
| 0005893 | Composr | core | public | 2024-08-17 01:55 | 2024-08-17 03:48 |
| Reporter | Patrick Schmalstig | Assigned To | Patrick Schmalstig | ||
| Severity | Feature-request | ||||
| Status | resolved | Resolution | fixed | ||
| Product Version | 11.beta1 | ||||
| Fixed in Version | |||||
| Summary | 0005893: Changes to default cookie names and handling for prefixes | ||||
| Description | * Start using `__Host-cms_session__...` as the session cookie name for Composr CMS. * Start using `__Secure-cms_member_id` as the default user cookie name. * Start using `__Secure-cms_member_hash` as the default password cookie name. Add special checks in all cookie name functions to check for `__Host-` and `__Cookie-` and to only return those in the name if the required conditions for those prefixes are met. | ||||
| Additional Information | See https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Set-Cookie#samesitesamesite-value Doing this will add extra security to session cookies to prevent session hijacking. It will also add extra security to login cookies. | ||||
| Tags | Roadmap: v11, Type: Security | ||||
| Time estimation (hours) | |||||
| Sponsorship open | |||||
| Date Modified | Username | Field | Change |
|---|---|---|---|
| 2024-08-17 01:55 | Patrick Schmalstig | Tag Attached: Roadmap: v11 | |
| 2024-08-17 01:55 | Patrick Schmalstig | Tag Attached: Type: Security | |
| 2024-08-17 03:48 | Patrick Schmalstig | Assigned To | => Patrick Schmalstig |
| 2024-08-17 03:48 | Patrick Schmalstig | Status | non-assigned => resolved |
| 2024-08-17 03:48 | Patrick Schmalstig | Resolution | open => fixed |
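
The check the description asks for (return a prefixed cookie name only when that prefix's conditions are met) can be sketched as follows. This is an added example, not Composr's code: the function names, the sample cookie name `__Host-example_session`, and the `HttpOnly`/`SameSite=Lax` attributes are assumptions made for illustration.

```php
<?php
// Added example, not Composr's code. All function names are hypothetical.

// Keep a __Host- or __Secure- prefix on a configured cookie name only when
// the attributes the cookie will be sent with satisfy that prefix.
function effective_cookie_name(string $configured, bool $secure, string $path, string $domain): string
{
    // Case-insensitive match so a differently cased prefix is handled the same way.
    if (!preg_match('/^__(Host|Secure)-(.+)$/i', $configured, $m)) {
        return $configured; // No prefix, nothing to verify.
    }
    $prefix = strtolower($m[1]);
    $base = $m[2];

    if ($prefix === 'host') {
        // __Host- needs Secure, Path=/ and no Domain attribute.
        $ok = $secure && $path === '/' && $domain === '';
        return $ok ? '__Host-' . $base : $base;
    }
    // __Secure- needs only the Secure attribute.
    return $secure ? '__Secure-' . $base : $base;
}

// Build the Set-Cookie header value so name and attributes always agree.
// HttpOnly and SameSite=Lax are assumed defaults for this illustration.
function build_set_cookie(string $configured, string $value, bool $secure, string $path, string $domain): string
{
    $name = effective_cookie_name($configured, $secure, $path, $domain);
    $header = $name . '=' . rawurlencode($value) . '; Path=' . $path . '; HttpOnly; SameSite=Lax';
    if ($domain !== '') {
        $header .= '; Domain=' . $domain;
    }
    if ($secure) {
        $header .= '; Secure';
    }
    return $header;
}

// Constructed sample deployments: [secure, path, domain].
$cases = [
    'HTTPS, root path, host-only' => [true, '/', ''],
    'HTTPS with Domain attribute' => [true, '/', 'example.com'],
    'Plain HTTP'                  => [false, '/', ''],
];
foreach ($cases as $label => [$secure, $path, $domain]) {
    echo $label, ': ', build_set_cookie('__Host-example_session', 'constructed-id', $secure, $path, $domain), PHP_EOL;
}
```

Only the first case keeps the `__Host-` prefix; the other two fall back to the unprefixed name, which avoids issuing a cookie the browser would reject for not meeting the prefix requirements.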