View Issue Details
ID | Project | Category | View Status | Date Submitted | Last Update |
---|---|---|---|---|---|
07631 | Feature requests | Security | public | 2013-03-04 10:04 | 2016-08-29 10:30 |
Reporter | hesi | Assigned To | c_schmitz | ||
Priority | normal | Severity | feature | ||
Status | closed | Resolution | fixed | ||
Summary | 07631: Session Cookie XSS protection via HttpOnly flag | ||||
Description | Is it possible to set the HttpOnly option within the Session Cookie to implement a Cross Site Scripting mitigation? The additional secure flag can't be set by default, as some surveys might be processed via unencrypted http connections. | ||||
Additional Information | Open Web Application Security Project (OWASP): HttpOnly option; Open Web Application Security Project (OWASP): Testing for cookies attributes (OWASP-SM-002) | ||||
Tags | data integrity, data security | ||||
Bug heat | 254 | ||||
Date Modified | Username | Field | Change |
---|---|---|---|
2013-03-04 10:04 | hesi | New Issue | |
2013-03-04 10:05 | hesi | Tag Attached: data integrity | |
2013-03-04 10:05 | hesi | Tag Attached: data security | |
2013-03-04 21:59 | c_schmitz | Assigned To | => c_schmitz |
2013-03-04 21:59 | c_schmitz | Status | new => acknowledged |
2013-03-04 22:00 | c_schmitz | Assigned To | c_schmitz => |
2013-05-19 15:57 | aesteban | Issue Monitored: aesteban | |
2013-05-19 16:00 | aesteban | Note Added: 25306 | |
2016-08-29 10:30 | c_schmitz | Status | acknowledged => closed |
2016-08-29 10:30 | c_schmitz | Assigned To | => c_schmitz |
2016-08-29 10:30 | c_schmitz | Resolution | open => fixed |
2016-08-29 10:30 | c_schmitz | Fixed in Version | => 2.5+ |
2021-08-03 18:20 | guest | Bug heat | 252 => 254 |