View Issue Details
| ID | Project | Category | View Status | Date Submitted | Last Update |
|---|---|---|---|---|---|
| 14769 | Bug reports | Security | public | 2019-04-12 11:00 | 2021-03-10 22:59 |
| Reporter | bewi | Assigned To | c_schmitz | ||
| Priority | none | Severity | minor | ||
| Status | closed | Resolution | duplicate | ||
| Product Version | 3.17.x | ||||
| Summary | 14769: missing cookie attribute | ||||
| Description | In order to influence security-relevant properties of cookies, they can be provided with various attributes. The attribute SameSite prevents the sending of cookies in cross-domain-Requests. Unnecessary information disclosures are thus prevented and an additional protection against Cross-Site Request Forgery (CSRF) attacks is established.
| ||||
| Tags | No tags attached. | ||||
| Bug heat | 254 | ||||
| Complete LimeSurvey version number (& build) | 3.17.0 | ||||
| I will donate to the project if issue is resolved | No | ||||
| Browser | |||||
| Database type & version | * | ||||
| Server OS (if known) | |||||
| Webserver software & version (if known) | |||||
| PHP Version | * | ||||
 |
Can be fixed (i think) in config.php : https://manual.limesurvey.org/Optional_settings#Other_sessions_update But we can set is as «the most secure we can» in a new install (in the generated config.php) Don't know for internal (forced Yii config, config.php can update it). |
| Date Modified | Username | Field | Change |
|---|---|---|---|
| 2019-04-12 11:00 | bewi | New Issue | |
| 2019-04-12 11:21 | DenisChenu | Note Added: 51452 | |
| 2019-04-12 11:22 | DenisChenu | Issue Monitored: DenisChenu | |
| 2019-04-12 12:50 | DenisChenu | Relationship added | related to 14766 |
| 2019-08-08 21:28 | jelo | Relationship added | related to 15142 |
| 2019-09-04 14:08 | cdorin | Assigned To | => c_schmitz |
| 2019-09-04 14:08 | cdorin | Status | new => assigned |
| 2021-03-10 22:59 | ollehar | Status | assigned => closed |
| 2021-03-10 22:59 | ollehar | Resolution | open => duplicate |
