View Issue Details

ID: 15142
Project: Bug reports
Category: [All Projects] Security
View Status: public
Last Update: 2019-09-04 14:08
Reporter: ma77ie
Assigned To: c_schmitz
Priority: none
Severity: minor
Status: assigned
Resolution: open
Product Version: 3.17.x
Target Version:
Fixed in Version:
Summary: 15142: Limesurvey has Missing Cookie Security Attributes
Description

LimeSurvey creates cookies that have weak attributes, which compromises their security. In particular, the PHPSESSID cookie doesn't have SameSite set and YII_CSRF_TOKEN doesn't have HttpOnly & SameSite set.

Steps To Reproduce

View cookies in a browser, for example in Firefox select Web Developer / Storage Inspector from the menu and view cookies. The yellow box on the attached screenshot shows the HttpOnly and/or SameSite attributes not set for these cookies.

Tags: No tags attached.
Complete LimeSurvey version number (& build): 3.17.9+190731
I will donate to the project if issue is resolved: No
Browser:
Database & DB-Version: MySQL 5.7.20
Server OS (if known):
Webserver software & version (if known):
PHP Version: 7.0.33
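
The manual check in Steps To Reproduce can also be run against captured response headers. The following is an added example, not part of the original report or of LimeSurvey's code: it parses Set-Cookie header values and lists which of the two attributes named in the report (HttpOnly, SameSite) each cookie lacks. The cookie values and both sample header sets are constructed for illustration.

```python
# Added example: audit Set-Cookie headers for the attributes named in the report.
REQUIRED = ("httponly", "samesite")          # attributes the report says are missing
VALID_SAMESITE = ("strict", "lax", "none")   # values browsers recognise


def parse_set_cookie(header):
    """Split one Set-Cookie header value into (cookie name, {attribute: value})."""
    parts = [p.strip() for p in header.split(";")]
    name, _, _value = parts[0].partition("=")
    attrs = {}
    for part in parts[1:]:
        if not part:
            continue
        key, _, val = part.partition("=")
        attrs[key.strip().lower()] = val.strip()  # attribute names are case-insensitive
    return name.strip(), attrs


def missing_attributes(header, required=REQUIRED):
    """Return (cookie name, list of required attributes that are absent or unusable)."""
    name, attrs = parse_set_cookie(header)
    missing = [a for a in required if a not in attrs]
    # A SameSite attribute with an empty or unknown value gives no protection.
    if "samesite" in attrs and attrs["samesite"].lower() not in VALID_SAMESITE:
        missing.append("samesite")
    return name, missing


def audit(headers, required=REQUIRED):
    """Map each cookie with findings to its missing attributes; empty dict means clean."""
    findings = {}
    for header in headers:
        name, missing = missing_attributes(header, required)
        if missing:
            findings[name] = missing
    return findings


# Constructed sample headers: the state described in the report, then the desired state.
SAMPLE_REPORTED = [
    "PHPSESSID=constructedsessionvalue; path=/; HttpOnly",
    "YII_CSRF_TOKEN=constructedtokenvalue; path=/",
]
SAMPLE_HARDENED = [
    "PHPSESSID=constructedsessionvalue; path=/; HttpOnly; SameSite=Lax",
    "YII_CSRF_TOKEN=constructedtokenvalue; path=/; HttpOnly; SameSite=Lax",
]

if __name__ == "__main__":
    for label, headers in (("reported", SAMPLE_REPORTED), ("hardened", SAMPLE_HARDENED)):
        print(label, audit(headers))
```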

Activities

ma77ie

2019-08-07 14:53

reporter  

limesurvey cookies.png (172,897 bytes)

Issue History

Date Modified | Username | Field | Change
2019-08-07 14:53 | ma77ie | New Issue |
2019-08-07 14:53 | ma77ie | File Added: limesurvey cookies.png |
2019-08-08 21:28 | jelo | Relationship added | related to 14769
2019-09-04 14:08 | cdorin | Assigned To | => c_schmitz
2019-09-04 14:08 | cdorin | Status | new => assigned