ID: 07631
Project: Feature requests
Category: [All Projects] Security
View Status: public
Last Update: 2016-08-29 10:30
Assigned To: c_schmitz
Product Version:
Target Version:
Fixed in Version: 2.5+
Summary: 07631: Session Cookie XSS protection via HttpOnly flag
Description: Is it possible to set the HttpOnly option within the Session Cookie to implement a Cross Site Scripting mitigation?

The additional secure flag can't be set by default, as some surveys might be processed via unencrypted http connections.
Additional Information: Open Web Application Security Project (OWASP): HttpOnly option

Open Web Application Security Project (OWASP): Testing for cookies attributes (OWASP-SM-002)
Tags: data integrity, data security

aesteban (developer)

This bug is a duplicate of 07844, which is already fixed.

Sorry, I created 07844 before finding this one.
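
A check for the cookie attributes requested in this issue, as an added example that is not part of the original report or the project's code. It audits `Set-Cookie` headers for `HttpOnly` and treats `Secure` according to the scheme the response was served over, which is the constraint the description raises. The session cookie name `PHPSESSID` (PHP's default) and all header values are constructed assumptions.

```python
# Added example: audit Set-Cookie headers for HttpOnly / Secure.
# Cookie names and header values are constructed sample data.

SESSION_NAMES = {"PHPSESSID"}  # assumption: PHP's default session cookie name


def parse_set_cookie(header):
    """Split one Set-Cookie header value into (name, value, attrs)."""
    parts = [p.strip() for p in header.split(";")]
    name, _, value = parts[0].partition("=")
    attrs = {}
    for part in parts[1:]:
        if not part:
            continue
        key, _, val = part.partition("=")
        # Attribute names are case-insensitive (RFC 6265).
        attrs[key.strip().lower()] = val.strip()
    return name.strip(), value.strip(), attrs


def audit_session_cookie(header, scheme, session_names=SESSION_NAMES):
    """Return finding codes for one Set-Cookie header.

    scheme is "http" or "https": the scheme the response was served over.
    Cookies whose name is not in session_names are ignored.
    """
    name, _, attrs = parse_set_cookie(header)
    if name not in session_names:
        return []
    findings = []
    # Only a real attribute counts; "HttpOnly" inside the cookie value does not.
    if "httponly" not in attrs:
        findings.append("missing-httponly")
    # Secure is expected only when the site is served over HTTPS.
    if scheme == "https" and "secure" not in attrs:
        findings.append("missing-secure-on-https")
    # Secure on a plain-HTTP deployment means the session cannot work there.
    if scheme == "http" and "secure" in attrs:
        findings.append("secure-on-plain-http")
    return findings


if __name__ == "__main__":
    for hdr, scheme in [
        ("PHPSESSID=abc123; path=/", "http"),
        ("PHPSESSID=abc123; path=/; HttpOnly", "http"),
        ("PHPSESSID=abc123; Path=/; httponly", "https"),
    ]:
        print(scheme, hdr, "->", audit_session_cookie(hdr, scheme) or "ok")
```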

Issue Community Support
Supporters: c_schmitz

Issue History
Date Modified Username Field Change
2013-03-04 10:04 hesi New Issue
2013-03-04 10:05 hesi Tag Attached: data integrity
2013-03-04 10:05 hesi Tag Attached: data security
2013-03-04 21:59 c_schmitz Assigned To => c_schmitz
2013-03-04 21:59 c_schmitz Status new => acknowledged
2013-03-04 22:00 c_schmitz Assigned To c_schmitz =>
2013-05-19 16:00 aesteban Note Added: 25306
2016-08-29 10:30 c_schmitz Status acknowledged => closed
2016-08-29 10:30 c_schmitz Assigned To => c_schmitz
2016-08-29 10:30 c_schmitz Resolution open => fixed
2016-08-29 10:30 c_schmitz Fixed in Version => 2.5+