2016-12-03 05:37 CET

View Issue Details
ID: 07631
Project: Feature requests
Category: [All Projects] Security
View Status: public
Last Update: 2016-08-29 10:30
Reporter: hesi
Assigned To: c_schmitz
Priority: normal
Severity: feature
Status: closed
Resolution: fixed
Product Version:
Target Version:
Fixed in Version: 2.5+
Summary: 07631: Session Cookie XSS protection via HttpOnly flag
Description: Is it possible to set the HttpOnly option within the Session Cookie to implement a Cross Site Scripting mitigation?

The additional secure flag can't be set by default, as some surveys might be processed via unencrypted http connections.
Additional Information: Open Web Application Security Project (OWASP): HttpOnly option
https://www.owasp.org/index.php/HttpOnly

Open Web Application Security Project (OWASP): Testing for cookies attributes (OWASP-SM-002)
https://www.owasp.org/index.php/Testing_for_cookies_attributes_%28OWASP-SM-002%29
Tags: data integrity, data security
Attached Files
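
An added example, not part of the original issue or of the project's code: a Python check over Set-Cookie header values that applies the distinction made in the description, with HttpOnly expected on every response and Secure only where the response arrived over HTTPS. The cookie name and header values are constructed samples, and the function names are hypothetical.

```python
# Added example: audit Set-Cookie values for HttpOnly and Secure.
# Cookie names and header values below are constructed samples.

def parse_set_cookie(header_value):
    """Return (cookie_name, attrs) with attribute names lower-cased."""
    parts = [p.strip() for p in header_value.split(";")]
    name, _, _value = parts[0].partition("=")
    attrs = {}
    for part in parts[1:]:
        if part:
            key, _, val = part.partition("=")
            attrs[key.strip().lower()] = val.strip()
    return name.strip(), attrs


def audit_cookie(header_value, scheme):
    """List attribute problems for one Set-Cookie value seen over `scheme`."""
    name, attrs = parse_set_cookie(header_value)
    findings = []
    if "httponly" not in attrs:
        # Without HttpOnly, script in the page can read the cookie.
        findings.append(f"{name}: HttpOnly missing")
    if scheme == "https" and "secure" not in attrs:
        # Without Secure, the cookie is also sent over plain HTTP.
        findings.append(f"{name}: Secure missing on HTTPS response")
    if scheme == "http" and "secure" in attrs:
        # A Secure cookie is never sent back over HTTP, so the session breaks.
        findings.append(f"{name}: Secure set on plain-HTTP response")
    return findings


SAMPLES = [  # (scheme, Set-Cookie value), constructed
    ("http", "SESSID_EXAMPLE=abc123; path=/"),
    ("http", "SESSID_EXAMPLE=abc123; path=/; HttpOnly"),
    ("https", "SESSID_EXAMPLE=abc123; path=/; HttpOnly"),
    ("https", "SESSID_EXAMPLE=abc123; Path=/; Secure; HTTPONLY"),
]

if __name__ == "__main__":
    for scheme, value in SAMPLES:
        problems = audit_cookie(value, scheme)
        print(scheme, value, "->", problems or "ok")
```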

Notes

~25306

aesteban (developer)

This bug is a duplicate of 07844, which is already fixed.

Sorry, I created 07844 before finding this one.

Issue History
Date Modified | Username | Field | Change
2013-03-04 10:04 | hesi | New Issue |
2013-03-04 10:05 | hesi | Tag Attached: data integrity |
2013-03-04 10:05 | hesi | Tag Attached: data security |
2013-03-04 21:59 | c_schmitz | Assigned To | => c_schmitz
2013-03-04 21:59 | c_schmitz | Status | new => acknowledged
2013-03-04 22:00 | c_schmitz | Assigned To | c_schmitz =>
2013-05-19 16:00 | aesteban | Note Added: 25306 |
2016-08-29 10:30 | c_schmitz | Status | acknowledged => closed
2016-08-29 10:30 | c_schmitz | Assigned To | => c_schmitz
2016-08-29 10:30 | c_schmitz | Resolution | open => fixed
2016-08-29 10:30 | c_schmitz | Fixed in Version | => 2.5+