View Issue Details
| ID | Project | Category | View Status | Date Submitted | Last Update |
|---|---|---|---|---|---|
| 07631 | Feature requests | Security | public | 2013-03-04 10:04 | 2016-08-29 10:30 |
| Reporter | hesi | Assigned To | c_schmitz | ||
| Priority | normal | Severity | feature | ||
| Status | closed | Resolution | fixed | ||
| Fixed in Version | 2.5+ | ||||
| Summary | 07631: Session Cookie XSS protection via HttpOnly flag | ||||
| Description | Is it possible to set the HttpOnly option within the Session Cookie to implement a Cross Site Scripting mitigation? The additional secure flag can't be set by default, as some surveys might be processed via unencrypted http connections. | ||||
| Additional Information | Open Web Application Security Project (OWASP): HttpOnly option; Open Web Application Security Project (OWASP): Testing for cookies attributes (OWASP-SM-002) | ||||
| Tags | data integrity, data security | ||||
| Bug heat | 254 | ||||
| Date Modified | Username | Field | Change |
|---|---|---|---|
| 2013-03-04 10:04 | hesi | New Issue | |
| 2013-03-04 10:05 | hesi | Tag Attached: data integrity | |
| 2013-03-04 10:05 | hesi | Tag Attached: data security | |
| 2013-03-04 21:59 | c_schmitz | Assigned To | => c_schmitz |
| 2013-03-04 21:59 | c_schmitz | Status | new => acknowledged |
| 2013-03-04 22:00 | c_schmitz | Assigned To | c_schmitz => |
| 2013-05-19 15:57 | aesteban | Issue Monitored: aesteban | |
| 2013-05-19 16:00 | aesteban | Note Added: 25306 | |
| 2016-08-29 10:30 | c_schmitz | Status | acknowledged => closed |
| 2016-08-29 10:30 | c_schmitz | Assigned To | => c_schmitz |
| 2016-08-29 10:30 | c_schmitz | Resolution | open => fixed |
| 2016-08-29 10:30 | c_schmitz | Fixed in Version | => 2.5+ |
| 2021-08-03 18:20 | guest | Bug heat | 252 => 254 |
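
A check for the cookie attributes this request discusses, as an added example that is not part of the original issue or of the project's code: it requires HttpOnly on the session cookie always, and Secure only when the response was served over HTTPS. The cookie name `PHPSESSID` (PHP's default session name) and all header values are assumptions constructed for illustration.

```python
# Added example: audit Set-Cookie headers for the HttpOnly and Secure flags.
# Cookie names and header values below are constructed for illustration.

def parse_set_cookie(header_value):
    """Return (name, attrs); attrs maps lower-cased attribute names to values."""
    parts = [p.strip() for p in header_value.split(";")]
    name, _, _value = parts[0].partition("=")
    attrs = {}
    for part in parts[1:]:
        if not part:
            continue
        key, _, val = part.partition("=")
        attrs[key.strip().lower()] = val.strip()
    return name.strip(), attrs


def audit_cookie(header_value, session_cookie_names, served_over_https):
    """List missing flags for a session cookie; other cookies yield []."""
    name, attrs = parse_set_cookie(header_value)
    if name not in session_cookie_names:
        return []
    findings = []
    # HttpOnly keeps the session ID out of document.cookie, so injected
    # script cannot read it. It is safe to require on HTTP and HTTPS alike.
    if "httponly" not in attrs:
        findings.append(f"{name}: missing HttpOnly")
    # Secure is only required when the response was served over HTTPS;
    # a Secure cookie would never be sent back on a plain-HTTP survey.
    if served_over_https and "secure" not in attrs:
        findings.append(f"{name}: missing Secure on HTTPS response")
    return findings


# Constructed sample responses: (Set-Cookie value, served over HTTPS?)
SAMPLES = [
    ("PHPSESSID=abc123; path=/", False),
    ("PHPSESSID=abc123; path=/; HttpOnly", False),
    ("PHPSESSID=abc123; path=/; HttpOnly", True),
    ("PHPSESSID=abc123; path=/; Secure; HttpOnly", True),
    ("lang=en; path=/", True),
]

if __name__ == "__main__":
    for header, https in SAMPLES:
        print(header, "->", audit_cookie(header, {"PHPSESSID"}, https) or "ok")
```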