View Issue Details

ID: 07844
Project: Bug reports
Category: Security
View Status: public
Last Update: 2013-06-09 16:43
Reporter: aesteban
Assigned To: c_schmitz
Priority: normal
Severity: partial_block
Status: closed
Resolution: fixed
Product Version: 2.05 RC
Fixed in Version: 2.00+
Summary: 07844: PHPSESSID cookie is not httponly
Description

In order to mitigate XSS attacks, PHPSESSID should have the "httponly" attribute.

Steps To Reproduce

1. Log in to the application.
2. Open the Firebug plugin in Firefox or an equivalent plugin.
3. The PHPSESSID cookie does not have the httponly attribute.

Tags: No tags attached.
Bug heat: 252
Complete LimeSurvey version number (& build): 130420
I will donate to the project if issue is resolved: No
Browser:
Database type & version: Mysql 5.1
Server OS (if known): RedHat Enterprise Linux
Webserver software & version (if known): Apache 2.2
PHP Version: 5.3.3
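
The check from the steps to reproduce, scripted against raw response headers instead of a browser plugin. This is an added example, not part of the original report or of LimeSurvey's code; the function names and both sample responses are constructed for illustration.

```python
# Constructed sample responses (not captured from a real LimeSurvey server).
# The path value deliberately contains the text "httponly" to show why a
# plain substring search over the header would report a false pass.
BEFORE = (
    "HTTP/1.1 200 OK\r\n"
    "Content-Type: text/html\r\n"
    "Set-Cookie: PHPSESSID=constructedvalue1; path=/httponly-test\r\n"
    "\r\n"
)
AFTER = (
    "HTTP/1.1 200 OK\r\n"
    "Content-Type: text/html\r\n"
    "Set-Cookie: PHPSESSID=constructedvalue2; path=/; HttpOnly\r\n"
    "\r\n"
)


def parse_set_cookie(value):
    """Split one Set-Cookie value into (cookie name, attribute dict).

    Attribute names are lowercased because they are case-insensitive;
    flag attributes such as HttpOnly are stored with an empty value.
    """
    parts = [p.strip() for p in value.split(";")]
    name = parts[0].partition("=")[0].strip()
    attrs = {}
    for part in parts[1:]:
        if part:
            key, _, val = part.partition("=")
            attrs[key.strip().lower()] = val.strip()
    return name, attrs


def cookies_missing_httponly(raw_headers, names=("PHPSESSID",)):
    """Return the cookies in `names` that are set without HttpOnly."""
    missing = []
    for line in raw_headers.split("\r\n"):
        field, sep, value = line.partition(":")
        if not sep or field.strip().lower() != "set-cookie":
            continue
        name, attrs = parse_set_cookie(value)
        if name in names and "httponly" not in attrs and name not in missing:
            missing.append(name)
    return missing


if __name__ == "__main__":
    print("before:", cookies_missing_httponly(BEFORE))
    print("after: ", cookies_missing_httponly(AFTER))
```
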


Activities

c_schmitz (administrator), 2013-05-17 16:11, note ~25296

Fix committed to master branch: http://bugs.limesurvey.org/plugin.php?page=Source/view&id=12440

c_schmitz (administrator), 2013-05-26 21:06, note ~25377

New version 2.00+ Build 130526 released

c_schmitz (administrator), 2013-06-09 16:43, note ~25486

Fix committed to 2.05 branch: http://bugs.limesurvey.org/plugin.php?page=Source/view&id=12540

Related Changesets

LimeSurvey: master 8ef1a527

2013-05-17 14:11:13, c_schmitz

Fixed issue 07844: PHPSESSID cookie is not httponly
Affected issues: 07844
mod - application/core/LSYii_Application.php

LimeSurvey: 2.05 6add94aa

2013-05-17 14:11:13, c_schmitz

Fixed issue 07844: PHPSESSID cookie is not httponly
Affected issues: 07844
mod - application/core/LSYii_Application.php

Issue History

Date Modified Username Field Change
2013-05-16 14:27 aesteban New Issue
2013-05-17 16:09 c_schmitz Assigned To => c_schmitz
2013-05-17 16:09 c_schmitz Status new => assigned
2013-05-17 16:11 c_schmitz Changeset attached => LimeSurvey master 8ef1a527
2013-05-17 16:11 c_schmitz Note Added: 25296
2013-05-17 16:11 c_schmitz Resolution open => fixed
2013-05-17 16:12 c_schmitz Status assigned => resolved
2013-05-17 16:12 c_schmitz Fixed in Version => 2.00+
2013-05-26 21:06 c_schmitz Note Added: 25377
2013-05-26 21:06 c_schmitz Status resolved => closed
2013-06-09 16:43 c_schmitz Changeset attached => LimeSurvey 2.05 6add94aa
2013-06-09 16:43 c_schmitz Note Added: 25486