View Issue Details

ID: 07631
Project: Feature requests
Category: [All Projects] Security
View Status: public
Last Update: 2016-08-29 10:30
Reporter: hesi
Assigned To: c_schmitz
Status: closed
Resolution: fixed
Product Version:
Target Version:
Fixed in Version: 2.5+
Summary: 07631: Session Cookie XSS protection via HttpOnly flag
Description: Is it possible to set the HttpOnly option within the Session Cookie to implement a Cross Site Scripting mitigation?

The additional secure flag can't be set by default, as some surveys might be processed via unencrypted http connections.
Additional Information: Open Web Application Security Project (OWASP): HttpOnly option

Open Web Application Security Project (OWASP): Testing for cookies attributes (OWASP-SM-002)
Tags: data integrity, data security
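
An added example, not part of the original issue or the project's code: a small Python check of Set-Cookie headers for the two attributes discussed in the description. It requires HttpOnly on the session cookie in every case and Secure only on HTTPS responses, matching the constraint that some surveys run over plain HTTP. The cookie name SESSID and the sample headers are constructed assumptions.

```python
# Added example: audit Set-Cookie headers for HttpOnly and Secure.
# SESSID is a hypothetical session cookie name, not taken from the issue.

def parse_set_cookie(header_value):
    """Split one Set-Cookie header value into (name, set of attribute names)."""
    first, *attrs = header_value.split(";")
    name = first.split("=", 1)[0].strip()
    # Attribute names are case-insensitive, so normalise to lower case.
    flags = {a.split("=", 1)[0].strip().lower() for a in attrs if a.strip()}
    return name, flags


def audit_session_cookie(header_value, scheme, session_names=("SESSID",)):
    """Return a list of findings for one Set-Cookie header.

    HttpOnly is required on every session cookie. Secure is required only
    when the response was served over HTTPS, because a Secure cookie would
    never be sent back on a plain HTTP deployment.
    """
    name, flags = parse_set_cookie(header_value)
    if name not in session_names:
        return []  # not a session cookie, out of scope for this check
    findings = []
    if "httponly" not in flags:
        findings.append(f"{name}: missing HttpOnly")
    if scheme == "https" and "secure" not in flags:
        findings.append(f"{name}: missing Secure on HTTPS response")
    return findings


# Constructed sample responses as (scheme, Set-Cookie value) pairs.
SAMPLES = [
    ("http", "SESSID=abc123; path=/"),
    ("http", "SESSID=abc123; path=/; HttpOnly"),
    ("https", "SESSID=abc123; path=/; httponly"),
    ("https", "SESSID=abc123; path=/; Secure; HttpOnly"),
    ("https", "lang=en; path=/"),
]


def audit_all(samples=SAMPLES):
    """Audit every sample and return one findings list per response."""
    return [audit_session_cookie(value, scheme) for scheme, value in samples]


if __name__ == "__main__":
    for (scheme, value), findings in zip(SAMPLES, audit_all()):
        print(f"{scheme:5} {value!r} -> {findings or 'ok'}")
```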




2013-05-19 16:00

developer   ~25306

This bug is a duplicate of 07844, which is already fixed.

Sorry, I created 07844 before finding this one.

Issue History

Date Modified Username Field Change
2013-03-04 10:04 hesi New Issue
2013-03-04 10:05 hesi Tag Attached: data integrity
2013-03-04 10:05 hesi Tag Attached: data security
2013-03-04 21:59 c_schmitz Assigned To => c_schmitz
2013-03-04 21:59 c_schmitz Status new => acknowledged
2013-03-04 22:00 c_schmitz Assigned To c_schmitz =>
2013-05-19 16:00 aesteban Note Added: 25306
2016-08-29 10:30 c_schmitz Status acknowledged => closed
2016-08-29 10:30 c_schmitz Assigned To => c_schmitz
2016-08-29 10:30 c_schmitz Resolution open => fixed
2016-08-29 10:30 c_schmitz Fixed in Version => 2.5+