[FREEPBX-7570] Set HttpOnly flag in PHPSESSID cookie by default - Sangoma Issue Tracker

XML

Word

Printable

Details

Type: Improvement
Status: Closed
Priority: Minor
Resolution: Won't Fix
Affects Version/s: None
Fix Version/s: None
Component/s: FreePBX Distro
Labels:
- security

ToDo:

Description

PHPSESSID cookie is created by PHP without HttpOnly flag set.
Configuring PHP in a way so this flag is set will improve security.
Please see:
https://www.owasp.org/index.php/HttpOnly#Using_PHP_to_set_HttpOnly

Gliffy Diagrams

Attachments

Activity

People

Assignee:

Andrew Nagy

Reporter:

varnav

Votes:

0 Vote for this issue

Watchers:

3 Start watching this issue

Dates

Created:

08/May/14 7:52 AM

Updated:

02/Jul/14 2:00 PM

Resolved:

08/May/14 12:00 PM

NextupJiraPlusStatus

Error rendering 'slack.nextup.jira:nextup-jira-plus-status'. Please contact your Jira administrators.