View Issue Details
ID: 07631
Project: Feature requests
Category: [All Projects] Security
View Status: public
Date Submitted: 2013-03-04 10:04
Last Update: 2013-05-19 16:00
Assigned To:
Product Version:
Target Version:
Fixed in Version:
Summary: 07631: Session Cookie XSS protection via HttpOnly flag
Description: Is it possible to set the HttpOnly option within the Session Cookie to implement a Cross Site Scripting mitigation?

The additional secure flag can't be set by default, as some surveys might be processed via unencrypted http connections.
Additional Information: Open Web Application Security Project (OWASP): HttpOnly option

Open Web Application Security Project (OWASP): Testing for cookies attributes (OWASP-SM-002)
Tags: data integrity, data security
Attached Files:
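
An added example, not part of the original issue or of the project's code: the policy the request describes, written in Python, with HttpOnly on every session cookie and Secure only when the request arrived over HTTPS, plus a check that reports responses missing either attribute. The cookie name SESSID, the function names and the sample headers are constructed for illustration.

```python
from http.cookies import CookieError, SimpleCookie


def build_session_cookie(name, value, is_https):
    """Return a Set-Cookie value: HttpOnly always, Secure only on HTTPS."""
    jar = SimpleCookie()
    jar[name] = value
    jar[name]["path"] = "/"
    jar[name]["httponly"] = True    # script can no longer read it via document.cookie
    if is_https:
        jar[name]["secure"] = True  # browser sends it over TLS only; unusable on plain-HTTP surveys
    return jar[name].OutputString()


def audit_set_cookie(header_value, is_https):
    """List the missing attributes for every cookie in one Set-Cookie value."""
    jar = SimpleCookie()
    try:
        jar.load(header_value)
    except CookieError:
        jar.clear()
    if not jar:
        return ["unparseable Set-Cookie value"]
    findings = []
    for name, morsel in jar.items():
        if not morsel["httponly"]:
            findings.append(f"{name}: missing HttpOnly")
        # Secure is only expected when the response itself went over HTTPS.
        if is_https and not morsel["secure"]:
            findings.append(f"{name}: missing Secure on an HTTPS response")
    return findings


if __name__ == "__main__":
    # Constructed sample headers (assumed values, not taken from a real deployment).
    samples = [
        ("SESSID=abc123; path=/", False),
        ("SESSID=abc123; path=/; HttpOnly", True),
        (build_session_cookie("SESSID", "abc123", True), True),
    ]
    for header, https in samples:
        print(header, "->", audit_set_cookie(header, https) or "ok")
```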

Relationships

Notes
aesteban (developer)
2013-05-19 16:00

This bug is a duplicate of 07844, which is already fixed.

Sorry, I created 07844 before finding this one.

Issue Community Support
Supporters: c_schmitz
Opponents: No one explicitly opposes this issue yet.

Issue History
Date Modified Username Field Change
2013-03-04 10:04 hesi New Issue
2013-03-04 10:05 hesi Tag Attached: data integrity
2013-03-04 10:05 hesi Tag Attached: data security
2013-03-04 21:59 c_schmitz Assigned To => c_schmitz
2013-03-04 21:59 c_schmitz Status new => acknowledged
2013-03-04 22:00 c_schmitz Assigned To c_schmitz =>
2013-05-19 16:00 aesteban Note Added: 25306
