Feature #20935
Set autologin cookie as secure by default when using https
| Status: | Closed | Start date: | ||
|---|---|---|---|---|
| Priority: | Normal | Due date: | ||
| Assignee: |  Jean-Philippe Lang | % Done: | 0% | |
| Category: | Security | |||
| Target version: | 3.2.0 | |||
| Resolution: | Fixed |
Description
The secure flag for the autologin cookie can be configured in configuration.yml. Instead of setting it to false by default, it should be set to true when using SSL.
Related issues
Associated revisions
Set autologin cookie as secure by default when using https (#20935).
History
#1
Updated by Jean-Philippe Lang about 6 years ago
- Subject changed from Set session cookie as secure by default when using https to Set autologin cookie as secure by default when using https
- Description updated (diff)
- Status changed from New to Closed
- Resolution set to Fixed
#3
Updated by Go MAEDA almost 6 years ago
- Duplicated by Feature #21697: Set secure flag of the session cookie depending on original request added
#4
Updated by Go MAEDA almost 6 years ago
- Duplicated by deleted (Feature #21697: Set secure flag of the session cookie depending on original request)
#5
Updated by Go MAEDA almost 6 years ago
- Related to Feature #21697: Set secure flag of the session cookie depending on original request added