Project

General

Profile

Actions

Feature #20935

closed

Set autologin cookie as secure by default when using https

Added by Jean-Philippe Lang about 9 years ago. Updated about 9 years ago.

Status:
Closed
Priority:
Normal
Category:
Security
Target version:
Start date:
Due date:
% Done:

0%

Estimated time:
Resolution:
Fixed

Description

The secure flag for the autologin cookie can be configured in configuration.yml. Instead of setting it to false by default, it should be set to true when using SSL.


Related issues

Related to Redmine - Feature #21697: Set secure flag of the session cookie depending on original requestReopened

Actions
Actions #1

Updated by Jean-Philippe Lang about 9 years ago

  • Subject changed from Set session cookie as secure by default when using https to Set autologin cookie as secure by default when using https
  • Description updated (diff)
  • Status changed from New to Closed
  • Resolution set to Fixed
Actions #3

Updated by Go MAEDA almost 9 years ago

  • Has duplicate Feature #21697: Set secure flag of the session cookie depending on original request added
Actions #4

Updated by Go MAEDA almost 9 years ago

  • Has duplicate deleted (Feature #21697: Set secure flag of the session cookie depending on original request)
Actions #5

Updated by Go MAEDA almost 9 years ago

  • Related to Feature #21697: Set secure flag of the session cookie depending on original request added
Actions

Also available in: Atom PDF