]> git.koha-community.org Git - koha.git/commit
projects / koha.git / commit
? search:
summary | shortlog | log | commit | commitdiff | tree
(parent: e6356e0) | patch
Bug 9102 : Set HttpOnly on the CGISESSID cookie
authorChris Cormack <chrisc@catalyst.net.nz>
Sun, 18 Nov 2012 07:01:37 +0000 (20:01 +1300)
committerChris Cormack <chris@bigballofwax.co.nz>
Sat, 12 Jan 2013 19:01:23 +0000 (08:01 +1300)
commitc0a92e3b3df18564c9f54bb5121950d0dbce000d
treea5e33a909663bf17255c12ba907687ad6833226atree | snapshot
parente6356e0dd051d539e183c8748923c2fd1d0b32c2commit | diff
Bug 9102 : Set HttpOnly on the CGISESSID cookie

https://www.owasp.org/index.php/HttpOnly

Signed-off-by: Kyle M Hall <kyle@bywatersolutions.com>
Signed-off-by: Katrin Fischer <Katrin.Fischer.83@web.de>
To test, use curl

Before the patch

% curl -I http://192.168.2.135
HTTP/1.1 200 OK
Date: Sun, 18 Nov 2012 06:56:49 GMT
Server: Apache/2.2.22 (Ubuntu)
Pragma: no-cache
Cache-control: no-cache
Content-script-type: text/javascript
Content-style-type: text/css
Set-Cookie: CGISESSID=19689f6e7d8ec94c25269fecebf2f009; path=/
Vary: Accept-Encoding
Content-Type: text/html; charset=UTF-8

After patch

 % curl -I http://192.168.2.135
HTTP/1.1 200 OK
Date: Sun, 18 Nov 2012 07:01:04 GMT
Server: Apache/2.2.22 (Ubuntu)
Pragma: no-cache
Cache-control: no-cache
Content-script-type: text/javascript
Content-style-type: text/css
Set-Cookie: CGISESSID=da25baf03c0bc1e2c512a627028e43e6; path=/; HttpOnly
Vary: Accept-Encoding
Content-Type: text/html; charset=UTF-8
Signed-off-by: Jared Camins-Esakov <jcamins@cpbibliography.com>
Signed-off-by: Chris Cormack <chris@bigballofwax.co.nz>
C4/Auth.pm diff | blob | history
Main Koha release repository