
View Issue Details

ID: 14769
Project: Bug reports
Category: [All Projects] Security
View Status: public
Last Update: 2019-09-04 14:08
Reporter: bewi
Assigned To: c_schmitz
Status: assigned
Resolution: open
Product Version: 3.17.x
Target Version:
Fixed in Version:
Summary: 14769: missing cookie attribute

In order to influence security-relevant properties of cookies, they can be provided with various attributes.

The attribute SameSite prevents the sending of cookies in cross-domain requests. Unnecessary information disclosures are thus prevented and an additional protection against Cross-Site Request Forgery (CSRF) attacks is established.
For this attribute there are two values:

  • The value 'strict' ensures that the cookie is not sent at all with cross-domain requests, not even when clicking on external links.
  • The value 'lax' provides cookie transmission for regular GET requests, but prevents CSRF attacks, such as POST requests.

This attribute should be set to 'lax' for all cookies except exceptions.
Tags: No tags attached.
Complete LimeSurvey version number (& build): 3.17.0
I will donate to the project if issue is resolved: No
Database & DB-Version: *
Server OS (if known):
Webserver software & version (if known):
PHP Version: *
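
An added example, not part of the original report and not LimeSurvey code: a Python check that parses Set-Cookie header values, flags cookies that lack SameSite, and models when 'strict' and 'lax' cookies accompany a cross-site request as the report describes. The cookie names and header values are constructed; treating SameSite=None as a finding and the list of safe methods are assumptions of this example.

```python
# Added example: audit Set-Cookie headers for the SameSite attribute.
# All header values below are constructed samples, not LimeSurvey output.

SAFE_METHODS = ("GET", "HEAD", "OPTIONS", "TRACE")  # assumption: RFC 7231 safe methods

def parse_set_cookie(header):
    """Split one Set-Cookie header value into (name, lower-cased attribute dict)."""
    parts = [p.strip() for p in header.split(";")]
    name = parts[0].split("=", 1)[0].strip()
    attrs = {}
    for part in parts[1:]:
        if part:
            key, _, value = part.partition("=")
            attrs[key.strip().lower()] = value.strip()
    return name, attrs

def audit(headers, allowed=("lax", "strict")):
    """Return {cookie_name: finding} for cookies without an accepted SameSite value."""
    findings = {}
    for header in headers:
        name, attrs = parse_set_cookie(header)
        samesite = attrs.get("samesite")
        if samesite is None:
            findings[name] = "SameSite missing"
        elif samesite.lower() not in allowed:
            findings[name] = "SameSite=" + samesite + " not in allowed set"
    return findings

def sent_cross_site(samesite, method, top_level_navigation):
    """Would a cookie with this SameSite value accompany a cross-site request?"""
    value = samesite.lower()
    if value == "strict":
        return False  # never sent cross-site, not even when following a link
    if value == "lax":
        # sent only when the user navigates (e.g. clicks a link) with a safe method
        return top_level_navigation and method.upper() in SAFE_METHODS
    raise ValueError("unhandled SameSite value: " + samesite)

SAMPLE_HEADERS = [  # constructed
    "session_id=abc123; Path=/; HttpOnly",
    "csrf_token=deadbeef; Path=/; Secure; SameSite=Lax",
    "prefs=compact; Path=/; Secure; SameSite=None",
]

if __name__ == "__main__":
    for cookie, finding in audit(SAMPLE_HEADERS).items():
        print(cookie, "->", finding)
```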




2019-04-12 11:21

developer   ~51452

Can be fixed (I think) in config.php:

But we can set it as «the most secure we can» in a new install (in the generated config.php)

Don't know for internal (forced Yii config, config.php can update it).

Issue History

Date Modified Username Field Change
2019-04-12 11:00 bewi New Issue
2019-04-12 11:21 DenisChenu Note Added: 51452
2019-04-12 12:50 DenisChenu Relationship added related to 14766
2019-04-12 12:50 DenisChenu Relationship added related to 14772
2019-08-08 21:28 jelo Relationship added related to 15142
2019-09-04 14:08 cdorin Assigned To => c_schmitz
2019-09-04 14:08 cdorin Status new => assigned