Feature #20935

Set autologin cookie as secure by default when using https

Added by Jean-Philippe Lang over 2 years ago. Updated over 2 years ago.

Status:ClosedStart date:
Priority:NormalDue date:
Assignee:Jean-Philippe Lang% Done:

0%

Category:Security
Target version:3.2.0
Resolution:Fixed

Description

The secure flag for the autologin cookie can be configured in configuration.yml. Instead of setting it to false by default, it should be set to true when using SSL.


Related issues

Related to Redmine - Feature #21697: Set secure flag of the session cookie depending on origin... Reopened

Associated revisions

Revision 14648
Added by Jean-Philippe Lang over 2 years ago

Set autologin cookie as secure by default when using https (#20935).

History

#1 Updated by Jean-Philippe Lang over 2 years ago

  • Subject changed from Set session cookie as secure by default when using https to Set autologin cookie as secure by default when using https
  • Description updated (diff)
  • Status changed from New to Closed
  • Resolution set to Fixed

#3 Updated by Go MAEDA over 2 years ago

  • Duplicated by Feature #21697: Set secure flag of the session cookie depending on original request added

#4 Updated by Go MAEDA over 2 years ago

  • Duplicated by deleted (Feature #21697: Set secure flag of the session cookie depending on original request)

#5 Updated by Go MAEDA over 2 years ago

  • Related to Feature #21697: Set secure flag of the session cookie depending on original request added

Also available in: Atom PDF